CVE-2026-27349
Deferred Deferred - Pending Action
Sensitive Data Exposure in Mail Mint

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-09
NVD
CVE-2026-27349
EUVD
EUVD-2026-31249
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack mail_mint From 1.0.0 (inc) to 1.19.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27349 is a vulnerability in the WordPress Mail Mint Plugin (versions 1.19.5 and below) that allows unauthorized exposure of sensitive system information. This means that malicious actors can retrieve embedded sensitive data that should normally be restricted.

The vulnerability has a low severity impact with a CVSS score of 4.3 and affects the plugin's functionality by exposing sensitive data to unauthorized parties.

Impact Analysis

This vulnerability can allow attackers to view sensitive information that is normally protected within the Mail Mint plugin. Such exposure could lead to information leakage, which may be exploited in larger scale attacks targeting multiple websites.

The impact is considered low severity, but it still poses a risk of unauthorized data disclosure that could compromise system confidentiality.

Mitigation Strategies

To mitigate the vulnerability in the WordPress Mail Mint Plugin (versions 1.19.5 and below), users should immediately update the plugin to version 1.20.0, which contains the patch resolving this issue.

Alternatively, users can seek assistance from their hosting provider or web developer to apply the update or mitigation.

Patchstack users have the option to enable auto-updates for vulnerable plugins to ensure timely patching.

Compliance Impact

The vulnerability in the Mail Mint plugin allows exposure of sensitive data to unauthorized parties, which could lead to non-compliance with data protection standards such as GDPR and HIPAA.

Since GDPR and HIPAA require protection of sensitive information from unauthorized access, this vulnerability poses a risk by potentially allowing malicious actors to access restricted sensitive data.

Organizations using affected versions of the plugin may face compliance issues if this vulnerability is exploited, emphasizing the importance of updating to the patched version 1.20.0.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27349. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart