CVE-2026-2025

HIGH

CVSS v3

7.5

HIGH

EPSS Score

28.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog

Technical Details

CVSS v3 Vector
3.1
Published
3/4/2026
Last Modified
4/15/2026

Frequently Asked Questions

What is CVE-2026-2025?

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog

Is CVE-2026-2025 actively exploited?

Active exploitation of CVE-2026-2025 has not been confirmed. The EPSS score is 28.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2026-2025?

CVE-2026-2025 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.

Is CVE-2026-2025 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IPSearch CVEs
Back to CVE Database