Mail Mint WordPress Plugin Unauthenticated Email Disclosure Vulnerability

Vulnerability

A vulnerability in the Mail Mint WordPress plugin, affecting versions prior to 1.19.5, allows unauthenticated users to access a REST API endpoint lacking proper authorization. This flaw enables the retrieval of email addresses from users on the blog.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of email addresses from WordPress users.

Reproduction

To reproduce this vulnerability, send a request to the REST API endpoint 'wp-json/mrm/v1/wp/admins' without authentication. The endpoint responds with email addresses of users on the blog. A tool like curl is sufficient, and a search term can be specified to filter the results.
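To check whether this endpoint has already been queried on a site you operate, the following added example (not part of the original advisory or the plugin) scans web server access logs for requests to the route named above. It assumes Combined Log Format, also matches WordPress's plain-permalink `?rest_route=` form of the same route, and uses constructed sample log lines with documentation IP addresses.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/mrm/v1/wp/admins"  # REST route named in the advisory
# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def rest_route(target):
    """Return the REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    idx = path.find("/wp-json/")  # also covers subdirectory installs
    if idx != -1:
        return "/" + path[idx + len("/wp-json/"):].strip("/")
    # Plain-permalink form: /?rest_route=/namespace/route (parse_qs decodes %2F)
    values = parse_qs(parts.query).get("rest_route")
    return "/" + values[0].strip("/") if values else None

def find_hits(lines):
    """Return one record per logged request to the Mail Mint admins route."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        target = m["target"]
        if (rest_route(target) or "").lower() != ROUTE:
            continue
        hits.append({
            "ip": m["ip"], "time": m["time"], "status": int(m["status"]),
            "query": urlsplit(target).query,   # any filter terms supplied
            "served": m["status"] == "200",    # True: a response body was returned
        })
    return hits

# Constructed sample lines for illustration only (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Mar/2026:06:20:01 +0000] "GET /wp-json/mrm/v1/wp/admins HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '198.51.100.23 - - [04/Mar/2026:06:21:40 +0000] "GET /?rest_route=%2Fmrm%2Fv1%2Fwp%2Fadmins HTTP/1.1" 200 498 "-" "-"',
    '192.0.2.10 - - [04/Mar/2026:06:22:05 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [04/Mar/2026:07:02:11 +0000] "GET /blog/wp-json/mrm/v1/wp/admins/ HTTP/1.1" 401 90 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to True that predate the update to 1.19.5 are the ones to review, since those requests received a response body.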

Remediation

Users are advised to update the Mail Mint WordPress plugin to version 1.19.5 or later.

Added: Mar 4, 2026, 6:17 AM
Updated: Mar 4, 2026, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 3.5
threat: 7.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.