Lucene search
K

821 matches found

Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20659

Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through = 1.19.4...

5.5AI score0.00293EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin Mail Mint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/18 8:56 a.m.9 views

WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Mail Mint versions = 1.19.4...

5.4AI score0.00293EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/15 1:28 p.m.7 views

CVE-2026-1258

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by',...

4.9CVSS5.9AI score0.00351EPSS
Exploits0References1
NVD
NVD
added 2026/02/14 9:16 a.m.10 views

CVE-2026-1258

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by',...

4.9CVSS0.00351EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/14 8:26 a.m.30 views

CVE-2026-1258 Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by',...

4.9CVSS0.00351EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/14 8:26 a.m.5 views

CVE-2026-1258 Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by',...

4.9CVSS5.9AI score0.00351EPSS
Exploits0References5
CVE
CVE
added 2026/02/14 8:26 a.m.29 views

CVE-2026-1258

CVE-2026-1258 affects the WordPress plugin Mail Mint (

4.9CVSS6AI score0.00351EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.12 views

WordPress plugin Mail Mint SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.9CVSS5.9AI score0.00351EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.13 views

PT-2026-8099

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by',...

4.9CVSS5.9AI score0.00351EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/13 11:49 p.m.6 views

WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability

Authenticated Administrator+ SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions = 1.19.2...

4.9CVSS6AI score0.00351EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 6:42 a.m.7 views

WordPress Mail Mint plugin <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by w41bu1 - VNPT Cyber Immunity in WordPress Plugin Mail Mint versions = 1.19.2...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.9 views

CVE-2026-1447

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the createorupdatenote function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 a.m.11 views

CVE-2026-1447

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the createorupdatenote function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4CVSS0.00162EPSS
Exploits0References6
CVE
CVE
added 2026/02/03 6:38 a.m.28 views

CVE-2026-1447

Summary: The Mail Mint plugin for WordPress (versions ≤ 1.19.2) is affected by a Cross-Site Request Forgery (CSRF) due to missing nonce validation in the create_or_update_note function. This can allow unauthenticated attackers to create or update contact notes by tricking an administrator, with t...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/03 6:38 a.m.6 views

CVE-2026-1447 Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the createorupdatenote function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:38 a.m.6 views

CVE-2026-1447

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the createorupdatenote function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References7
EUVD
EUVD
added 2026/02/03 6:38 a.m.10 views

EUVD-2026-5291

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the createorupdatenote function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

WordPress plugin Mail Mint 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.11 views

PT-2026-6045

Name of the Vulnerable Software and Affected Versions Mail Mint plugin for WordPress versions up to and including 1.19.2 Description The Mail Mint plugin for WordPress is susceptible to Cross-Site Request Forgery due to a lack of nonce validation in the create or update note function. This allows...

5.4CVSS5.2AI score0.00162EPSS
Exploits0References9
Rows per page
Query Builder