What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection. This issue affects Mail Mint: from n/a through <= 1.18.5.
Explanation of Vulnerability in Simple Terms
02 Summary
Mail Mint versions up to 1.18.5 contain a SQL injection vulnerability accessible to high-privilege users. An attacker with admin or editor access can craft malicious input to execute arbitrary SQL queries, potentially reading sensitive database records or disrupting site availability. The vulnerability requires authenticated access but can impact the entire site due to scope change.
What an attacker can do
03 Attacker Capabilities
Read sensitive database records or cause the site to become unavailable.
Potential impact on your site
04 Site Impact
An attacker using a compromised admin or editor account can extract database contents or crash the site.
Conditions required to exploit
05 Prerequisites
Attacker must have admin or editor-level access to the WordPress site.
Key dates
06 Disclosure timeline
September 3, 2025: CVE published
May 12, 2026: Record updated