CVE-2025-58604
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpfunnels | mail_mint | 1.18.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL Injection issue in the WordPress Mail Mint Plugin (versions up to 1.18.5). It allows a malicious user with administrator privileges to manipulate the plugin's database by injecting malicious SQL commands. This can lead to unauthorized access or theft of data stored in the database. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with admin rights to access or steal sensitive data from the plugin's database. This could compromise the confidentiality of your data and potentially disrupt the availability of the service, although the impact is considered low severity due to limited exploitation likelihood. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the WordPress Mail Mint plugin version is 1.18.5 or earlier, as these versions are affected. Since the vulnerability requires administrator privileges to exploit SQL Injection, monitoring for unusual database queries or unauthorized access attempts by admin users may help detect exploitation attempts. Specific commands are not provided in the resources, but verifying the plugin version can be done via WordPress CLI commands such as 'wp plugin list' to check the installed version of Mail Mint. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the WordPress Mail Mint plugin to version 1.18.6 or later, where the SQL Injection vulnerability is fixed. Additionally, Patchstack offers virtual patching (vPatching) that can auto-mitigate this and other vulnerabilities even before official patches are applied, which can be used as a temporary measure. [1]