CVE Alert: CVE-2025-11967 – getwpfunnels – Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
CVE-2025-11967
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.
AI Summary Analysis
Risk verdict
High. An authenticated Administrator can upload a file of any type through the plugin's contact import, and on a typical PHP host a planted .php file means remote code execution. The Administrator precondition limits who can exploit it, so urgency depends on how well admin credentials are protected, but patching should still be prioritised. One caveat: on a single-site WordPress install an Administrator can normally install plugins and so already run arbitrary PHP; the flaw crosses a real privilege boundary mainly on multisite networks (where site administrators cannot install plugins) and on installs hardened with DISALLOW_FILE_MODS.
Why this matters
Arbitrary file uploads by Administrator-level users can place a web shell in a web-accessible directory and execute code on the server, risking full site takeover, theft or leakage of data, and defacement. The impact scales with the hosting environment (shared hosting, other sites under the same account) and with the sensitivity of the data held; Mail Mint sites typically hold subscriber lists, automation data and WooCommerce customer communications.
Most likely attack path
An attacker holding Administrator credentials (obtained by phishing, credential stuffing, password reuse or a compromised admin workstation) uses the plugin's contact import feature, whose process_contact_attribute_import function does not validate the file type, to write a file of their choosing to the server, then requests it directly to execute it. No user interaction is required beyond the existing admin session. The advisory does not state where the file lands; the uploads directory is the usual target. Lateral movement is bounded by the privileges of the web server or hosting account unless the server is shared or other credentials are reachable from it.
Who is most exposed
Sites running Mail Mint 1.18.10 or earlier, especially where Administrator credentials are weak, shared or not protected by MFA, multisite networks where site-level administrators are not fully trusted, and sites where plugin updates lag or security hygiene is poor.
Detection ideas
- New or renamed PHP files (and other server-executable extensions such as .phtml and .phar) under wp-content/uploads, especially ones created around the time of a contact import
- Import uploads whose extension or content does not match a contact list (a CSV import should not contain PHP tags)
- Web server access logs showing direct requests to files with executable extensions under wp-content/uploads, and error logs showing PHP executed from that directory
- Admin activity logs showing contact imports outside normal maintenance windows or by accounts that do not normally run them
- File-integrity or WAF alerts for file types not expected in import workflows
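The first and third detection ideas above can be scripted. The following Python is an added example written for this page, not code from the advisory or from the Mail Mint plugin. It builds a constructed wp-content/uploads tree in a temporary directory and flags files that a PHP handler would execute (checking every dotted suffix, so double-extension names are caught too), and it parses constructed combined-format access log lines for direct requests to such files under /wp-content/uploads/. The admin-ajax request in the sample log is a placeholder; the example assumes nothing about the plugin's real import endpoint.

```python
import os
import re
import tempfile

# Extensions that common PHP handler configurations execute. Constructed list for
# this example; adjust to what your web server actually maps to PHP.
EXEC_EXT = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}

# Combined/common access-log format (Apache and nginx default):
# client ident user [timestamp] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def is_executable_name(name: str) -> bool:
    """True if any dotted suffix is a PHP-style extension.

    Every suffix is checked, not just the last one, so 'shell.jpg.php' and
    'shell.php.jpg' (which some Apache AddHandler setups execute) both match.
    """
    parts = name.lower().split(".")
    return any("." + p in EXEC_EXT for p in parts[1:])


def scan_uploads(root: str) -> list[str]:
    """Walk an uploads tree and return relative paths of executable-looking files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if is_executable_name(fname):
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def flag_log_lines(lines) -> list[tuple[str, str, str, str]]:
    """Return (ip, method, path, status) for direct requests to executable files
    under /wp-content/uploads/. A 404 is still worth seeing: it can be an attacker
    probing for a shell that was removed or landed somewhere else."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if "/wp-content/uploads/" in path and is_executable_name(path.rsplit("/", 1)[-1]):
            flagged.append((m.group("ip"), m.group("method"), path, m.group("status")))
    return flagged


def build_sample_uploads() -> str:
    """Constructed uploads tree: one legitimate import, two planted shells, two images."""
    root = tempfile.mkdtemp(prefix="uploads-")
    sample = {
        "2025/10/contacts.csv": "email,first_name\nalice@example.com,Alice\n",
        "2025/10/contacts.php": "<?php system($_GET['cmd']); ?>",
        "2025/10/import.jpg.php": "<?php eval($_POST['x']); ?>",
        "2025/10/banner.jpg": "not really a jpeg",
        "2025/09/logo.png": "not really a png",
    }
    for rel, content in sample.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
    return root


# Constructed access-log lines. The admin-ajax POST stands in for whatever request
# the plugin's import really makes; this example does not assume its parameters.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2025:14:03:22 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2025:14:03:40 +0000] "GET /wp-content/uploads/2025/10/contacts.php?cmd=id HTTP/1.1" 200 88 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Oct/2025:14:05:01 +0000] "GET /wp-content/uploads/2025/10/banner.jpg HTTP/1.1" 200 42011 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2025:14:06:12 +0000] "GET /wp-content/uploads/2025/10/import.jpg.php HTTP/1.1" 404 196 "-" "curl/8.4.0"',
]


if __name__ == "__main__":
    root = build_sample_uploads()
    for rel in scan_uploads(root):
        print("executable file in uploads:", rel)
    for ip, method, path, status in flag_log_lines(SAMPLE_LOG):
        print(f"direct request to upload: {ip} {method} {path} -> {status}")
```

On a real host, point scan_uploads at the site's wp-content/uploads directory and feed flag_log_lines the access log; correlate the timestamps of any hits with the plugin's import activity and with the file modification times. Executable files under uploads are almost never legitimate, so each hit warrants a look at its contents rather than just its name.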
Mitigation and prioritisation
- Update Mail Mint to a release later than 1.18.10 (the advisory lists every version up to and including 1.18.10 as affected); confirm by checking the installed version on the Plugins page or with WP-CLI (`wp plugin list`), not by running a test import, which cannot show whether the type validation is present
- If patching is delayed, deactivate Mail Mint, or at least restrict who can reach its import functionality, until the update is applied
- Deny execution of PHP (and other server-executable extensions) under wp-content/uploads at the web server, and add WAF rules that block uploads of those file types; this is the durable control, since it neutralises any future upload flaw in any plugin. Note that DISALLOW_FILE_MODS in wp-config.php blocks plugin installation and the file editor but does not stop a plugin's own code from writing files
- Enforce least privilege for Administrator accounts, require MFA, rotate credentials, review who holds admin access and audit recent import activity
- If the CVE is listed in CISA KEV or its EPSS score is 0.5 or higher, treat it as priority 1; otherwise treat it as high-priority remediation with monitoring until patched.
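One way to implement the "deny PHP in uploads" mitigation on Apache, as an added example (not vendor guidance and not part of the advisory): a .htaccess placed in wp-content/uploads. It assumes Apache 2.4 and that AllowOverride permits FilesMatch and mod_mime directives in that directory.

```apache
# wp-content/uploads/.htaccess (added example; assumes Apache 2.4 with AllowOverride
# allowing these directives here). Uploads are data and must never be executed.

# Refuse to serve anything with a PHP-style extension anywhere in the name, so
# double-extension names such as shell.php.jpg are covered as well as shell.php.
<FilesMatch "\.(php|php[3457]|phtml|phar|phps)(\.|$)">
    Require all denied
</FilesMatch>

# Belt and braces: remove the PHP handler and type mappings for this directory in
# case a file slips past the pattern above or a parent config maps PHP via AddHandler.
RemoveHandler .php .php3 .php4 .php5 .php7 .phtml .phar .phps
RemoveType .php .php3 .php4 .php5 .php7 .phtml .phar .phps
```

Check it by requesting a harmless test file you create yourself, for example uploads/test.php, and confirming a 403 rather than executed or served source. On nginx the equivalent is a `location ~* ^/wp-content/uploads/.*\.php { deny all; }` block placed before the generic PHP handler location, since nginx picks the first matching regex location.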
