{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1447", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-26T17:00:55.043Z", "datePublished": "2026-02-03T06:38:05.981Z", "dateUpdated": "2026-04-08T17:30:11.747Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:11.747Z"}, "affected": [{"vendor": "getwpfunnels", "product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation & WooCommerce Emails", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.19.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting."}], "title": "Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae204-2848-4389-a78d-7b3798e4ee54?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"}, {"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"}, {"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"}, {"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"}, {"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php?old=3032077&old_path=mail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactProfileAction.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Bui Van Y"}], "timeline": [{"time": "2026-01-26T17:16:50.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-02T18:07:42.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T15:25:58.042790Z", "id": "CVE-2026-1447", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:30:16.163Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T15:25:58.042790Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:25:58.707Z"}}], "cna": {"title": "Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Bui Van Y"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "getwpfunnels", "product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation & WooCommerce Emails", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.19.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-26T17:16:50.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-02T18:07:42.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae204-2848-4389-a78d-7b3798e4ee54?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"}, {"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"}, {"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"}, {"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"}, {"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php?old=3032077&old_path=mail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactProfileAction.php"}], "descriptions": [{"lang": "en", "value": "The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:11.747Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1447", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:30:11.747Z", "dateReserved": "2026-01-26T17:00:55.043Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-03T06:38:05.981Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting."}, {"lang": "es", "value": "El plugin Mail Mint para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 1.19.2, inclusive. Esto se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n create_or_update_note. Esto hace posible que atacantes no autenticados creen o actualicen notas de contacto a trav\u00e9s de una petici\u00f3n falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace. Debido a la falta de saneamiento y escape, esto puede conducir a cross-site scripting almacenado."}], "id": "CVE-2026-1447", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-03T07:16:12.307", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php?old=3032077&old_path=mail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactProfileAction.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae204-2848-4389-a78d-7b3798e4ee54?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-15T17:31:27.177091+00:00", "value": {"mitigation_remediation": ["Upgrade Mail Mint to the latest available version, which removes the missing nonce validation and input sanitisation issues.", "If an upgrade cannot be performed immediately, modify or patch the create_or_update_note function in the plugin to enforce nonce validation or disable the endpoint entirely.", "Add proper output escaping or sanitisation to the contact note content before it is rendered, ensuring scripts cannot be executed when notes are viewed."], "summary": {"action": "Update Plugin", "impact": "Stored Cross\u2011Site Scripting via CSRF"}, "threat_synthesis": {"affected_systems": "All versions of the Mail Mint WordPress plugin up to and including 1.19.2, provided by getwpfunnels:Mail Mint \u2013 Email Marketing, Newsletter, Email Automation & WooCommerce Emails.", "description_and_impact": "The Mail Mint plugin for WordPress contains a CSRF vulnerability that arises from missing nonce validation on the create_or_update_note function. An unauthenticated attacker can forge a request to this endpoint, which will create or modify a contact note when an administrator is tricked into clicking a link. Because the plugin does not sanitise or escape the note content, malicious data can be stored and later executed in the browser when the note is displayed, resulting in stored Cross\u2011Site Scripting. The flaw permits an attacker to inject scripts that run in the context of any user who views the note, potentially leaking credentials or hijacking sessions. The impact is limited to the data displayed by the plugin, but the attack vector and lack of validation make it a moderate risk if an administrator is susceptible to the social engineering component.", "risk_and_exploitability": "The CVSS score of 5.4 indicates a medium severity, and the EPSS score of less than 1% suggests a very low likelihood that the vulnerability will be actively exploited at present. The flaw is not listed in the CISA KEV catalog. Exploitation requires an administrator to click a malicious link; there is no direct network takeover. Given the reliance on social engineering, the actual risk depends on the security posture of the site\u2019s admin users. However, the combination of CSRF and stored XSS warrants remediation to prevent potential data compromise or credential theft."}}}}, "created": "2026-02-04T12:14:40.548429+00:00", "updated": "2026-04-15T18:00:15.522788+00:00", "vendors": ["getwpfunnels", "getwpfunnels$PRODUCT$mail_mint", "wordpress", "wordpress$PRODUCT$wordpress"]}