CVE-2026-1447
📋 TL;DR
The Mail Mint WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 1.19.2, allowing unauthenticated attackers to create or update contact notes by tricking administrators into clicking malicious links. This can lead to stored Cross-Site Scripting (XSS) due to missing sanitization and escaping. All WordPress sites using vulnerable Mail Mint plugin versions are affected.
💻 Affected Systems
- Mail Mint WordPress Plugin
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious scripts into contact notes that execute when viewed by administrators, potentially leading to site takeover, data theft, or malware distribution.
Likely Case
Attackers create or modify contact notes with malicious content that could deface the site, steal session cookies, or redirect users to malicious sites.
If Mitigated
With proper CSRF protections and input validation, the attack would fail, preventing unauthorized note modifications.
🎯 Exploit Status
Exploitation requires social engineering to trick an administrator into clicking a malicious link, but the technical complexity is low once the link is clicked.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.19.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Mail Mint plugin.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable Mail Mint Plugin
Temporarily disable the vulnerable plugin until it is patched.
wp plugin deactivate mail-mint
Implement CSRF Protection at Web Application Firewall
Configure the WAF to block requests to Mail Mint endpoints that lack a valid nonce.
🧯 If You Can't Patch
- Disable Mail Mint plugin immediately to eliminate risk.
- Implement strict Content Security Policy (CSP) headers to mitigate XSS impact.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for the Mail Mint version. If the version is 1.19.2 or lower, the site is vulnerable.
Check Version:
wp plugin get mail-mint --field=version
Verify Fix Applied:
After update, verify Mail Mint plugin version is 1.19.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to the /wp-json/mail-mint/v1/contact/profile endpoint without a proper referrer or nonce.
- Multiple failed nonce validation attempts in WordPress debug logs.
Network Indicators:
- HTTP requests to contact profile API endpoints without CSRF tokens from unexpected sources.
SIEM Query:
source="wordpress.log" AND "mail-mint" AND "contact/profile" AND status=200 AND NOT csrf_token=*
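As an added example (not from the advisory, Wordfence or the Mail Mint project), a small Python checker that applies the log indicators above to constructed access-log lines. It assumes a custom log format that records the Referer and whether an X-WP-Nonce header was sent, and an assumed site hostname of example.com.

```python
import re
from urllib.parse import urlsplit
SITE_HOST = "example.com"  # assumed hostname of the protected WordPress site
ENDPOINT = "/wp-json/mail-mint/v1/contact/profile"  # endpoint named in the advisory
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample lines in an assumed custom access-log format:
#   client "METHOD PATH PROTO" STATUS "REFERER" nonce=present|absent
# where the last field records whether an X-WP-Nonce header was sent.
LOG_LINES = [
    '203.0.113.5 "POST /wp-json/mail-mint/v1/contact/profile HTTP/1.1" 200 '
    '"https://example.com/wp-admin/admin.php?page=mailmint" nonce=present',
    '203.0.113.5 "POST /wp-json/mail-mint/v1/contact/profile HTTP/1.1" 200 '
    '"https://attacker.example/lure.html" nonce=absent',
    '198.51.100.9 "POST /wp-json/mail-mint/v1/contact/profile HTTP/1.1" 200 "-" nonce=absent',
    '198.51.100.9 "GET /wp-json/mail-mint/v1/contact/profile HTTP/1.1" 200 "-" nonce=absent',
    '203.0.113.7 "POST /wp-json/mail-mint/v1/contact/profile/5/notes HTTP/1.1" 200 '
    '"https://example.com/wp-admin/" nonce=present',
]
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<referer>[^"]*)" nonce=(?P<nonce>present|absent)$'
)

def suspicious(line, site_host=SITE_HOST):
    """Return the reasons a line matches the forged-request indicators, else None."""
    m = LINE_RE.match(line)
    if m is None or m["method"] not in STATE_CHANGING:
        return None
    if not m["path"].startswith(ENDPOINT) or m["status"] != "200":
        return None  # only successful writes to the contact profile endpoint matter
    reasons = []
    if m["nonce"] == "absent":
        reasons.append("missing nonce")  # a legitimate admin UI call carries one
    referer = m["referer"]
    if referer in ("", "-"):
        reasons.append("no referer")
    elif urlsplit(referer).hostname != site_host:
        reasons.append("cross-site referer")  # request originated on another site
    return reasons or None

def scan(lines, site_host=SITE_HOST):
    """Run suspicious() over every line and collect the hits with client and path."""
    hits = []
    for line in lines:
        reasons = suspicious(line, site_host)
        if reasons:
            m = LINE_RE.match(line)
            hits.append({"ip": m["ip"], "path": m["path"], "reasons": reasons})
    return hits
```

A real deployment would need the web server configured to log the Referer and the presence of the X-WP-Nonce header, since default combined logs do not record request headers beyond User-Agent and Referer.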
🔗 References
- https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85
- https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105
- https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85
- https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105
- https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php?old=3032077&old_path=mail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactProfileAction.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae204-2848-4389-a78d-7b3798e4ee54?source=cve