CVE-2026-2025

HIGH 7.5

Mail Mint < 1.19.5 - Unauthenticated Emails Disclosure

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog

Vendor	unknown
Product	mail mint
Published	Mar 4, 2026
Last Updated	Mar 4, 2026

Stay Ahead of the Next One

Get instant alerts for unknown mail mint

Be the first to know when new high vulnerabilities affecting unknown mail mint are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Mail Mint

0 < 1.19.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/1b815cde-cd9d-46fa-a6ab-3d2851705e7b/

Credits

yiğit ibrahim sağlam WPScan