Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection. This issue affects Mail Mint: from n/a through <= 1.18.6.
Published: 2025-09-22
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of special elements in an SQL command allows attackers to inject malicious SQL through the Mail Mint plugin. This weakness is a classic SQL Injection (CWE‑89) that can enable an attacker to read, modify, or delete data stored in the on‑site database, compromising both confidentiality and integrity of site information. The vulnerability can also lead to broader compromise if sensitive administrative data is exposed or altered.

Affected Systems

The issue affects the Mail Mint plugin from WPFunnels, impacting all versions up to and including 1.18.6. Users running any of these versions are susceptible; newer releases are presumed fixed.

Risk and Exploitability

The CVSS score of 7.6 classifies the flaw as high severity, while an EPSS score of less than 1% indicates a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not been reported in widely publicized attacks. The likely attack vector is through normal web traffic where the plugin processes user or form input, meaning any visitor to a site with the vulnerable plugin could potentially trigger the injection if proper input validation is not enforced.

Generated by OpenCVE AI on April 30, 2026 at 06:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mail Mint to any available version newer than 1.18.6 to resolve the SQL injection issue
  • If an upgrade cannot be performed immediately, remove or deactivate the Mail Mint plugin to eliminate the attack surface
  • Implement application hardening by ensuring all database queries use parameterized statements and adhere to proper input validation practices in line with CWE‑89 remediation guidelines



Advisories
Source: EUVD
ID: EUVD-2025-30509
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.6.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.6.
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection. This issue affects Mail Mint: from n/a through <= 1.18.6.
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}


Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared: Wordpress; Wordpress wordpress; Wpfunnels; Wpfunnels mail Mint Plugin
Vendors & Products: Wordpress; Wordpress wordpress; Wpfunnels; Wpfunnels mail Mint Plugin

Tue, 23 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Sep 2025 18:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.6.
Title WordPress Mail Mint Plugin <= 1.18.6 - SQL Injection Vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:52.685Z

Reserved: 2025-09-17T18:01:02.999Z

Link: CVE-2025-59570

Vulnrichment

Updated: 2025-09-23T13:36:28.015Z

NVD

Status: Deferred

Published: 2025-09-22T19:16:25.277

Modified: 2026-04-23T15:34:04.743

Link: CVE-2025-59570

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T06:15:29Z

Weaknesses