cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches formail-mint mail-mint

Direction: ascending
May 13, 2025

Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint # CVE-2025-47541

CVE, Research URL

CVE-2025-47541

Home page URL

Security reports for Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint

Application

Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint

Date
May 23, 2025
Research Description
Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.17.7.
Affected versions
max 1.17.8.
Status
vulnerable
Sep 05, 2025

Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint # CVE-2025-58604

CVE, Research URL

CVE-2025-58604

Home page URL

Security reports for Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint

Application

Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint

Date
Sep 03, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.
Affected versions
max 1.18.6.
Status
vulnerable
Dec 11, 2025

Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint # CVE-2025-11967

CVE, Research URL

CVE-2025-11967

Home page URL

Security reports for Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint

Application

Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint

Date
Nov 08, 2025
Research Description
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 1.18.11.
Status
vulnerable
Feb 27, 2026

Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint # CVE-2026-23541

CVE, Research URL

CVE-2026-23541

Home page URL

Security reports for Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint

Application

Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint

Date
Feb 19, 2026
Research Description
Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4.
Affected versions
max 1.19.4.
Status
vulnerable