CVE-2026-2025
published 2026-03-04


Priority: P1 · 80 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit status: exploited in the wild (ITW exploit; VulnCheck KEV)
EPSS: 1.38% (68.7th percentile)
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog

Detection & IOCs (extracted from sources)

URL: /wp-json/mrm/v1/wp/admins?term=@
Path: /wp-content/plugins/mail-mint/
  • Detect exploitation attempts by monitoring GET requests to the unauthenticated REST API endpoint /wp-json/mrm/v1/wp/admins with a 'term' parameter containing '@', with no authentication headers.
  • A successful exploitation response will return HTTP 200 with Content-Type application/json and a body containing the keys 'admins', 'label', and an '@' character (email address).
  • Identify Mail Mint plugin installations by searching for the plugin path string in page bodies, which can be used for mass scanning/fingerprinting prior to exploitation.
  • The vulnerability affects Mail Mint WordPress plugin versions before 1.19.5 only. Installations running 1.19.5 or later are not vulnerable.
  • Exploitation requires no authentication whatsoever — any unauthenticated HTTP client can call the endpoint and retrieve user email addresses.
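The three checks in the bullets above (request-side indicator, response-side confirmation, and the version boundary) written out as detection logic and run over constructed sample traffic. This is an added example, not code from the source or from the Mail Mint project; the request/response record layout, the `SAMPLE_TRAFFIC` entries, and the set of headers treated as "authentication headers" are assumptions made here for illustration.

```python
"""Detection logic for CVE-2026-2025 (Mail Mint < 1.19.5, unauthenticated
/wp-json/mrm/v1/wp/admins endpoint), run over constructed sample traffic.

Added example. The record layout (dicts with method/url/headers and
status/content_type/body) and the sample entries are assumptions; a real
deployment would feed these functions from a reverse-proxy or WAF log that
records request headers, since plain access logs do not carry them.
"""
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/wp-json/mrm/v1/wp/admins"   # endpoint named in the IOCs
FIXED_VERSION = (1, 19, 5)                  # first non-vulnerable release

# Assumed: any of these headers means the caller is not "unauthenticated".
AUTH_HEADERS = {"authorization", "cookie", "x-wp-nonce"}


def is_exploit_attempt(req):
    """Request-side indicator: GET to the endpoint with a 'term' value that
    contains '@' and no authentication headers present."""
    if req["method"].upper() != "GET":
        return False
    parts = urlsplit(req["url"])
    if parts.path.rstrip("/") != TARGET_PATH:
        return False
    # parse_qs percent-decodes, so 'term=%40' and 'term=@' both match.
    terms = parse_qs(parts.query).get("term", [])
    if not any("@" in t for t in terms):
        return False
    present = {k.lower() for k in req.get("headers", {})}
    return not (present & AUTH_HEADERS)


def is_successful_response(resp):
    """Response-side confirmation: HTTP 200, JSON content type, and a body
    carrying the keys 'admins' and 'label' plus an '@' (an email address)."""
    if resp["status"] != 200:
        return False
    ctype = resp.get("content_type", "").lower()
    if not ctype.startswith("application/json"):
        return False
    body = resp.get("body", "")
    return all(marker in body for marker in ("admins", "label", "@"))


def parse_version(version):
    """'1.19.4' -> (1, 19, 4); used for the fixed-version boundary check."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable_version(version):
    """True for any Mail Mint version strictly below 1.19.5."""
    return parse_version(version) < FIXED_VERSION


def triage(pairs):
    """Classify each (request, response) pair:
    'exploited'       - attempt matched and the response disclosed data
    'attempt-blocked' - attempt matched but the response did not disclose
    'benign'          - request did not match the indicator"""
    verdicts = []
    for req, resp in pairs:
        if not is_exploit_attempt(req):
            verdicts.append("benign")
        elif is_successful_response(resp):
            verdicts.append("exploited")
        else:
            verdicts.append("attempt-blocked")
    return verdicts


# Constructed sample traffic (not real captures).
SAMPLE_TRAFFIC = [
    # 1. unauthenticated probe that succeeds: should be flagged 'exploited'
    ({"method": "GET", "url": "/wp-json/mrm/v1/wp/admins?term=%40",
      "headers": {"User-Agent": "python-requests/2.31"}},
     {"status": 200, "content_type": "application/json",
      "body": '{"admins":[{"label":"admin@example.test","value":1}]}'}),
    # 2. same call from a logged-in session: not the unauthenticated pattern
    ({"method": "GET", "url": "/wp-json/mrm/v1/wp/admins?term=%40",
      "headers": {"Cookie": "wordpress_logged_in=...", "X-WP-Nonce": "x"}},
     {"status": 200, "content_type": "application/json",
      "body": '{"admins":[{"label":"admin@example.test","value":1}]}'}),
    # 3. unrelated REST call that happens to contain '@'
    ({"method": "GET", "url": "/wp-json/wp/v2/posts?search=@", "headers": {}},
     {"status": 200, "content_type": "application/json", "body": "[]"}),
    # 4. probe against a patched site: matched, but nothing disclosed
    ({"method": "GET", "url": "/wp-json/mrm/v1/wp/admins?term=%40",
      "headers": {}},
     {"status": 401, "content_type": "application/json",
      "body": '{"code":"rest_forbidden"}'}),
]

if __name__ == "__main__":
    for (req, _), verdict in zip(SAMPLE_TRAFFIC, triage(SAMPLE_TRAFFIC)):
        print(f"{verdict:16} {req['url']}")
    print("1.19.4 vulnerable:", is_vulnerable_version("1.19.4"))
```

The request-side check alone will fire on blocked probes too, which is useful for spotting scanning activity; only the combination with `is_successful_response` says whether addresses actually left the site. The version check is the inventory-side control: anything `is_vulnerable_version` returns True for should be updated to 1.19.5 or later.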

CVSS provenance

  • NVD: CVSS v3.1 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  • VulnCheck: 7.5 HIGH