Cross-Site Request Forgery Vulnerability in Mail Mint Plugin for WordPress
CVE-2026-1447

5.4 MEDIUM

What is CVE-2026-1447?

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery because of inadequate nonce validation in the create_or_update_note function. An unauthenticated attacker can manipulate contact notes through a forged request if they can trick a site administrator into performing an action such as clicking a specially crafted link. Because the input is also not properly sanitized or escaped, the forged request can lead to stored Cross-Site Scripting, which increases the potential impact of the attack.

Affected Version(s)

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more * <= 1.19.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bui Van Y