Mail Mint WordPress plugin: Exposed User Email Addresses

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Mail Mint WordPress plugin: Exposed User Email Addresses

CVE-2026-2025

Summary

An outdated version of the Mail Mint WordPress plugin allows anyone to see the email addresses of all website users. This is a security risk because it could be used to send spam or phishing emails. Update the plugin to version 1.19.5 or later to fix this issue.

Original title

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the...

Original description

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog

nvd CVSS3.1 7.5

Vulnerability type

CWE-200 Information Exposure

https://wpscan.com/vulnerability/1b815cde-cd9d-46fa-a6ab-3d2851705e7b/

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026