216.73.216.133

CVE-2026-2025

· Published 04/03/2026 06:16 · Modified 04/03/2026 18:16

Labels: CVE-2026-2025 2026-03-04CVE-2026-2025CWE-200[email protected]

Essential information

Published
04/03/2026 06:16
Modified
04/03/2026 18:16
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mail mint / mail mint plugin cpe:2.3:a:mail_mint:mail_mint_plugin:*:*:*:*:*:wordpress:*:*

References