CVE-2026-2025

{"id": "CVE-2026-2025", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-04T06:16:11.297", "references": [{"url": "https://wpscan.com/vulnerability/1b815cde-cd9d-46fa-a6ab-3d2851705e7b/", "source": "contact@wpscan.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog"}, {"lang": "es", "value": "El plugin de WordPress Mail Mint anterior a 1.19.5 no tiene autorizaci\u00f3n en uno de sus endpoints de la API REST, lo que permite a usuarios no autenticados llamarlo y recuperar las direcciones de correo electr\u00f3nico de los usuarios del blog."}], "lastModified": "2026-03-04T18:16:29.953", "sourceIdentifier": "contact@wpscan.com"}