PT-2025-45561 · WordPress · Mail Mint

Published: 2025-11-08 · Updated: 2025-11-13 · CVE-2025-11967

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Mail Mint plugin for WordPress versions prior to 1.18.11

Description: The Mail Mint plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the process contact attribute import function. This allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution.

Recommendations: Update the Mail Mint plugin to version 1.18.11 or later.

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-11967

Affected Products: Mail Mint