CVE-2026-27349
Sensitive Data Exposure in Mail Mint
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | mail_mint | From 1.0.0 (inc) to 1.19.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27349 is a vulnerability in the WordPress Mail Mint Plugin (versions 1.19.5 and below) that allows unauthorized exposure of sensitive system information. This means that malicious actors can retrieve embedded sensitive data that should normally be restricted.
The vulnerability has a low severity impact with a CVSS score of 4.3 and affects the plugin's functionality by exposing sensitive data to unauthorized parties.
How can this vulnerability impact me? :
This vulnerability can allow attackers to view sensitive information that is normally protected within the Mail Mint plugin. Such exposure could lead to information leakage, which may be exploited in larger scale attacks targeting multiple websites.
The impact is considered low severity, but it still poses a risk of unauthorized data disclosure that could compromise system confidentiality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in the WordPress Mail Mint Plugin (versions 1.19.5 and below), users should immediately update the plugin to version 1.20.0, which contains the patch resolving this issue.
Alternatively, users can seek assistance from their hosting provider or web developer to apply the update or mitigation.
Patchstack users have the option to enable auto-updates for vulnerable plugins to ensure timely patching.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in the Mail Mint plugin allows exposure of sensitive data to unauthorized parties, which could lead to non-compliance with data protection standards such as GDPR and HIPAA.
Since GDPR and HIPAA require protection of sensitive information from unauthorized access, this vulnerability poses a risk by potentially allowing malicious actors to access restricted sensitive data.
Organizations using affected versions of the plugin may face compliance issues if this vulnerability is exploited, emphasizing the importance of updating to the patched version 1.20.0.