{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11967", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-20T15:11:14.944Z", "datePublished": "2025-11-08T09:28:11.511Z", "dateUpdated": "2026-04-08T17:24:41.225Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:41.225Z"}, "affected": [{"vendor": "getwpfunnels", "product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation & WooCommerce Emails", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.18.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf902756-21f3-483b-a5d8-a9b4226bde22?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3389643/mail-mint/tags/1.18.11/app/API/Actions/Admin/Contact/ContactImportAction.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Le Cong Danh"}], "timeline": [{"time": "2025-10-21T15:27:26.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-07T21:08:54.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-10T14:08:05.303014Z", "id": "CVE-2025-11967", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-10T14:13:37.397Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11967", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-10T14:08:05.303014Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-10T14:08:06.155Z"}}], "cna": {"title": "Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Le Cong Danh"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "getwpfunnels", "product": "Mail Mint \u2013 Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.18.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-21T15:27:26.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-07T21:08:54.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf902756-21f3-483b-a5d8-a9b4226bde22?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3389643/mail-mint/tags/1.18.11/app/API/Actions/Admin/Contact/ContactImportAction.php"}], "descriptions": [{"lang": "en", "value": "The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-11-08T09:28:11.511Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11967", "state": "PUBLISHED", "dateUpdated": "2025-11-10T14:13:37.397Z", "dateReserved": "2025-10-20T15:11:14.944Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-08T09:28:11.511Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "id": "CVE-2025-11967", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-08T10:15:40.643", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3389643/mail-mint/tags/1.18.11/app/API/Actions/Admin/Contact/ContactImportAction.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf902756-21f3-483b-a5d8-a9b4226bde22?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T00:37:00.069617+00:00", "value": {"mitigation_remediation": ["Upgrade the Mail Mint plugin to version\u202f1.18.11 or higher to apply the fixed file\u2011type validation logic.", "If an upgrade cannot be performed immediately, limit the use of the Import feature to only a small, trusted subset of administrators, and consider revoking unused editor or administrator accounts.", "Implement a web\u2011application firewall rule that blocks or scans file uploads to the plugin\u2019s import endpoint, rejecting files that are not plain text or expected data formats.", "If feasible, relocate or clean up the upload directory after confirming uploads, and set directory permissions so that files cannot be executed by the web server."], "summary": {"action": "Patch", "impact": "Authenticated Arbitrary File Upload with potential for Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in all versions of the Mail Mint plugin\u2014developed by getwpfunnels\u2014up to and including 1.18.10. Administrators or users with similar or higher privileges running the plugin under any WordPress installation are susceptible.", "description_and_impact": "The Mail Mint WordPress plugin is vulnerable because the process_contact_attribute_import function does not validate the type of files that an authenticated user, specifically those with Administrator-level privileges or higher, can upload. This omission allows an attacker to upload any file to the site\u2019s server, potentially introducing executable code. The weakness is covered by CWE\u2011434 and can lead to remote code execution if the attacker forges a malicious script or executable.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a high level of severity. The EPSS score is reported as less than 1\u202f%, suggesting that, while the vulnerability is serious, the probability that it will be actively exploited in the near term is low. Because exploitation requires authenticated access, attackers need to compromise an administrator account or use another admin\u2011level account, which mitigates the risk compared to a publicly exploitable flaw. The flaw is not listed in the CISA KEV catalog. The most probable attack vector is an administrator legitimately logged into the WordPress dashboard who performs the contact attribute import action."}}}}, "created": "2025-11-10T09:33:22.866372+00:00", "updated": "2026-04-22T00:45:04.156260+00:00", "vendors": ["getwpfunnels", "getwpfunnels$PRODUCT$mail_mint", "wordpress", "wordpress$PRODUCT$wordpress"]}