WP-Safety

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Security & Risk Analysis

wordpress.org/plugins/mail-mint

Use Mail Mint, the easiest email marketing automation plugin in WordPress to generate leads, send email campaigns, and run email automation workflows.

5K active installs v1.21.0 PHP 7.4+ WP 5.8+ Updated Apr 13, 2026
crmemail-automationemail-marketingnewsletterwoocommerce-emails
92
A · Safe
CVEs total8
Unpatched0
Last CVEMar 5, 2026
Plugin page Download
Safety Verdict

Is Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Safe to Use in 2026?

Generally Safe

Score 92/100

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

8 known CVEsLast CVE: Mar 5, 2026Updated 1mo ago
Risk Assessment

The mail-mint plugin v1.20.0 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in several areas. The vast majority of SQL queries utilize prepared statements, output escaping is consistently applied, and there is a significant number of capability checks in place. Furthermore, all identified AJAX entry points appear to have authorization checks, and there are no identified REST API routes or shortcodes, which reduces the potential attack surface significantly. The absence of critical or high-severity vulnerabilities in the taint analysis is also reassuring.

However, there are areas of concern. The presence of the `unserialize` function, while not necessarily a vulnerability in itself, can be a risky function if not handled with extreme care, especially if the serialized data originates from user input. The taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths. This suggests a potential for subtle vulnerabilities that might not be immediately obvious or have been missed by static analysis alone. The plugin's history of vulnerabilities, including missing authorization, CSRF, SQL injection, and information exposure, is a significant red flag. While there are currently no unpatched CVEs, the frequency and types of past vulnerabilities indicate a recurring pattern of security weaknesses that warrant close attention.

In conclusion, while mail-mint v1.20.0 shows some good security development practices, its past vulnerability history and the presence of potentially risky functions like `unserialize` necessitate a cautious approach. The plugin's developers need to maintain vigilance in code reviews and testing to prevent future security incidents, particularly those related to authorization and input sanitization.

Key Concerns

  • Unsanitized paths identified in taint analysis
  • Presence of dangerous function 'unserialize'
  • Past high severity vulnerability (missing auth/CSRF/SQLi/info exposure)
  • Bundled library (Select2) potentially outdated
Vulnerabilities
8 published

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Security Vulnerabilities

CVEs by Year

4 CVEs in 2025
2025
4 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
7

8 total CVEs

CVE-2026-2025medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more < 1.19.5 - Unauthenticated Information Disclosure

Mar 5, 2026 Patched in 1.19.5 (8d)
CVE-2026-23541medium · 5.3Missing Authorization

Mail Mint <= 1.19.4 - Missing Authorization

Feb 18, 2026 Patched in 1.19.5 (7d)
CVE-2026-1258medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints

Feb 13, 2026 Patched in 1.19.3 (1d)
CVE-2026-1447medium · 5.4Cross-Site Request Forgery (CSRF)

Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Feb 2, 2026 Patched in 1.19.3 (1d)
CVE-2025-11967high · 7.2Unrestricted Upload of File with Dangerous Type

Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload

Nov 7, 2025 Patched in 1.18.11 (1d)
CVE-2025-59570medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Mail Mint <= 1.18.6 - Authenticated (Administrator+) SQL Injection

Sep 22, 2025 Patched in 1.18.7 (5d)
CVE-2025-58604medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Mail Mint <= 1.18.5 - Authenticated (Administrator+) SQL Injection

Sep 3, 2025 Patched in 1.18.6 (9d)
CVE-2025-47541medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Mail Mint <= 1.17.7 - Unauthenticated Sensitive Information Exposure

May 7, 2025 Patched in 1.17.8 (7d)
Version History

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Release Timeline

v1.21.0Current
v1.20.1
v1.20.0
v1.19.5
v1.19.42 CVEs
CVE-2026-23541 CVE-2026-2025
v1.19.32 CVEs
CVE-2026-23541 CVE-2026-2025
v1.19.24 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2026-1258 +1 more
v1.19.14 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2026-1258 +1 more
v1.19.04 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2026-1258 +1 more
v1.18.134 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2026-1258 +1 more
v1.18.124 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2026-1258 +1 more
v1.18.114 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2026-1258 +1 more
v1.18.105 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2025-11967 +2 more
v1.18.95 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2025-11967 +2 more
v1.18.85 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2025-11967 +2 more
v1.18.75 CVEs
CVE-2026-23541 CVE-2026-2025 CVE-2025-11967 +2 more
v1.18.66 CVEs
CVE-2025-59570 CVE-2026-23541 CVE-2026-2025 +3 more
v1.18.57 CVEs
CVE-2025-58604 CVE-2025-59570 CVE-2026-23541 +4 more
v1.18.47 CVEs
CVE-2025-58604 CVE-2025-59570 CVE-2026-23541 +4 more
v1.18.37 CVEs
CVE-2025-58604 CVE-2025-59570 CVE-2026-23541 +4 more
Code Analysis
Analyzed Mar 16, 2026

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Code Analysis

Dangerous Functions
3
Raw SQL Queries
31
731 prepared
Unescaped Output
15
264 escaped
Nonce Checks
5
Capability Checks
14
File Operations
12
External Requests
6
Bundled Libraries
1

Dangerous Functions Found

unserialize$group_ids = isset( $get_group_id['group_ids'] ) ? unserialize( $get_group_id['group_ids'] ) : arapp\API\Actions\Frontend\FormAction.php:132
unserialize$email['email_json'] = unserialize( $email_json ); //phpcs:ignoreapp\Database\models\CampaignModel.php:548
unserialize$settings = unserialize( $settings ); //phpcs:ignoreapp\DataStores\Campaign.php:165

Bundled Libraries

Select2

SQL Query Safety

96% prepared762 total queries

Output Escaping

95% escaped279 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
send_async_ajax_request (app\Internal\Cron\BackgroundProcessHelper.php:205)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_mint_delete_promotional_bannerapp\Internal\Admin\Page\HomeScreen.php:49
authwp_ajax_show_form_markupapp\Internal\FormBuilder\FormBlock\MintFormBlock.php:36
WordPress Hooks 113
filtermint_automation_trigger_control_on_importapp\API\Actions\Admin\Contact\ContactImportAction.php:313
filtermint_automation_trigger_control_on_importapp\API\Actions\Admin\Contact\ContactImportAction.php:763
filtermint_automation_trigger_control_on_importapp\API\Actions\Admin\Contact\ContactImportAction.php:975
filtermint_automation_trigger_control_on_importapp\API\Actions\Admin\Contact\ContactImportAction.php:1076
filtermint_automation_trigger_control_on_importapp\API\Actions\Admin\Contact\ContactImportAction.php:1177
filtermint_automation_trigger_control_on_importapp\API\Actions\Admin\Contact\ContactImportAction.php:1278
filtermint_automation_trigger_control_on_importapp\API\Actions\Admin\Contact\ContactImportAction.php:1341
filtermint_automation_trigger_control_on_importapp\API\Actions\Admin\Contact\ContactImportAction.php:1415
filtermint_automation_trigger_control_on_importapp\API\Controllers\Admin\ContactController.php:500
filtermint_automation_trigger_control_on_importapp\API\Controllers\Admin\ContactController.php:680
filtermint_automation_trigger_control_on_importapp\API\Controllers\Admin\ContactController.php:850
actionrest_api_initapp\API\Server.php:38
actionplugins_loadedapp\App.php:94
actionplugins_loadedapp\App.php:126
actioninitapp\App.php:127
actionin_plugin_update_message-mail-mint/mail-mint.phpapp\App.php:128
actionadmin_initapp\App.php:129
actioninitapp\App.php:131
actionmail_mint_run_update_callbackapp\Database\Migrations\DatabaseMigrator.php:77
actioninitapp\Database\Migrations\DatabaseMigrator.php:78
actionwp_loadedapp\Internal\Actions\Hooks.php:33
actionwoocommerce_new_orderapp\Internal\Actions\Hooks.php:34
actionwoocommerce_order_status_changedapp\Internal\Actions\Hooks.php:35
actionadd_meta_boxesapp\Internal\Actions\Hooks.php:36
actionedd_view_order_details_sidebar_beforeapp\Internal\Actions\Hooks.php:37
filtermail_mint_free_activeapp\Internal\Actions\Hooks.php:38
actionupgrader_process_completeapp\Internal\Actions\Hooks.php:39
filterplugin_row_metaapp\Internal\Actions\Hooks.php:40
actionadmin_footerapp\Internal\Actions\Hooks.php:41
actioninitapp\Internal\Actions\Hooks.php:42
actioninitapp\Internal\Actions\Hooks.php:45
filtermint_merge_tag_fallbackapp\Internal\Actions\Hooks.php:46
actionwoocommerce_order_status_changedapp\Internal\Actions\Hooks.php:47
actionwoocommerce_refund_createdapp\Internal\Actions\Hooks.php:48
actioninitapp\Internal\Actions\Hooks.php:49
filtermint_wordpress_user_import_headersapp\Internal\Actions\Hooks.php:50
actionmailmint_after_delete_contactapp\Internal\Actions\Hooks.php:51
filterrocket_cache_reject_uriapp\Internal\Actions\Hooks.php:52
actionmailmint_delete_expired_couponsapp\Internal\Actions\Hooks.php:53
actioninitapp\Internal\Admin\AdminAssets.php:44
actionadmin_enqueue_scriptsapp\Internal\Admin\AdminAssets.php:45
actionadmin_noticesapp\Internal\Admin\Notices\DBUpgradeNotice.php:28
actionadmin_menuapp\Internal\Admin\Page\HomeScreen.php:41
actionadmin_headapp\Internal\Admin\Page\HomeScreen.php:42
actionadmin_headapp\Internal\Admin\Page\HomeScreen.php:48
filterdisplay_post_statesapp\Internal\Admin\Page\PageController.php:37
actionadmin_initapp\Internal\Admin\Setup-Wizard\SetupWizard.php:33
actionadmin_noticesapp\Internal\Admin\SpecialOccasionBanner.php:52
actionadmin_headapp\Internal\Admin\SpecialOccasionBanner.php:55
actionwoocommerce_admin_order_data_after_order_detailsapp\Internal\Admin\WooCommerce-Order\WooCommerceOrderDetails.php:35
actiondeleted_userapp\Internal\Admin\WP-User\WPUserDelete.php:35
actionmailmint_after_confirm_double_optinapp\Internal\Automation\AutomationManager.php:27
actionmailmint_after_email_openapp\Internal\Automation\AutomationManager.php:28
actionmailmint_after_email_clickapp\Internal\Automation\AutomationManager.php:29
actionmailmint_after_form_submitapp\Internal\Automation\Connectors\MintForm\Triggers\MintFormTriggers.php:37
actionmint_after_contact_creationapp\Internal\Automation\Connectors\MintForm\Triggers\MintFormTriggers.php:38
actiontransition_post_statusapp\Internal\Automation\Connectors\WP\Triggers\PostPublishedTriggers.php:68
actionmailmint_process_post_published_schedulerapp\Internal\Automation\Connectors\WP\Triggers\PostPublishedTriggers.php:69
actionuser_registerapp\Internal\Automation\Connectors\WP\Triggers\WordPressTriggers.php:34
actionwp_loginapp\Internal\Automation\Connectors\WP\Triggers\WordPressTriggers.php:35
actionwpfunnels_after_funnel_creationapp\Internal\Automation\Connectors\WPFunnels\Triggers\WPFunnelsTriggers.php:33
actionmailmint_campaign_emails_scheduling_completedapp\Internal\Cron\CampaignsBackgroundProcess.php:52
actionmailmint_single_email_scheduling_processedapp\Internal\Cron\CampaignsBackgroundProcess.php:53
actionmailmint_batch_email_sentapp\Internal\Cron\CampaignsBackgroundProcess.php:54
actionmailmint_campaign_email_sentapp\Internal\Cron\CampaignsBackgroundProcess.php:55
actionmailmint_after_campaign_startapp\Internal\Cron\CampaignsBackgroundProcess.php:56
actionmailmint_recover_stuck_emailsapp\Internal\Cron\CampaignsBackgroundProcess.php:60
actionwoocommerce_emailapp\Internal\EmailCustomization\WooCommerce\EmailTrigger.php:69
filterwoocommerce_mail_contentapp\Internal\EmailCustomization\WooCommerce\EmailTrigger.php:70
filterwoocommerce_email_recipient_customer_partially_refunded_orderapp\Internal\EmailCustomization\WooCommerce\EmailTrigger.php:90
filterhaet_mail_use_templateapp\Internal\EmailCustomization\WooCommerce\EmailTrigger.php:165
actioninitapp\Internal\FormBuilder\FormBlock\MintFormBlock.php:33
actioninitapp\Internal\FormBuilder\FormBlock\MintFormBlock.php:34
actionenqueue_block_editor_assetsapp\Internal\FormBuilder\FormBlock\MintFormBlock.php:35
actionadmin_enqueue_scriptsapp\Internal\FormBuilder\FormBuilderHelper.php:40
filterthe_contentapp\Internal\FormBuilder\FormBuilderHelper.php:42
actionwp_footerapp\Internal\FormBuilder\FormBuilderHelper.php:43
actioninitapp\Internal\FormBuilder\FormBuilderHelper.php:45
filtershow_admin_barapp\Internal\FormBuilder\FormBuilderHelper.php:395
actionwp_enqueue_scriptsapp\Internal\Frontend\FrontendAssets.php:34
actionwp_enqueue_scriptsapp\Internal\Frontend\FrontendAssets.php:35
filterwp_page_menu_argsapp\Internal\Frontend\HandleFrontendMenu.php:33
filterwp_get_nav_menu_itemsapp\Internal\Frontend\HandleFrontendMenu.php:34
actionuser_registerapp\Internal\Frontend\UserAssignContact.php:39
actionregister_formapp\Internal\Frontend\UserAssignContact.php:40
actioncomment_postapp\Internal\Frontend\UserAssignContact.php:41
actioncomment_form_field_commentapp\Internal\Frontend\UserAssignContact.php:42
actioncomment_form_after_fieldsapp\Internal\Frontend\UserAssignContact.php:43
actionwoocommerce_checkout_before_terms_and_conditionsapp\Internal\Frontend\WooCommerceCheckoutContact.php:50
actionwoocommerce_checkout_create_orderapp\Internal\Frontend\WooCommerceCheckoutContact.php:51
actionwoocommerce_new_orderapp\Internal\Frontend\WooCommerceCheckoutContact.php:52
filterwp_mailapp\Internal\Mailers\WPMailMailer.php:66
actioninitapp\Internal\Optin\OptinConfirmation.php:48
actioninitapp\Internal\Optin\UnsubscribeConfirmation.php:30
actioninitapp\Internal\Optin\UnsubscribeConfirmation.php:31
actionafter_setup_themeapp\Internal\Templates\TemplateHandler.php:33
filtertemplate_includeapp\Internal\Templates\TemplateHandler.php:34
filtertheme_page_templatesapp\Internal\Templates\TemplateHandler.php:44
actionmailmint_after_accept_consentapp\Internal\Tracking\EventTracker.php:55
actionmailmint_contact_list_viewedapp\Internal\Tracking\EventTracker.php:56
actionmailmint_campaign_createdapp\Internal\Tracking\EventTracker.php:57
actionmailmint_campaign_email_sentapp\Internal\Tracking\EventTracker.php:58
actionmailmint_campaign_analyticsapp\Internal\Tracking\EventTracker.php:59
actionmailmint_plugin_deactivatedapp\Internal\Tracking\EventTracker.php:60
actionmailmint_wc_abandoned_cart_automation_createdapp\Internal\Tracking\EventTracker.php:61
actionmailmint_automation_log_overall_analyticsapp\Internal\Tracking\EventTracker.php:62
actionmailmint_product_block_automation_emailapp\Internal\Tracking\EventTracker.php:63
actionmailmint_after_automation_send_mailapp\Internal\Tracking\EventTracker.php:64
actionmailmint_automation_after_added_to_listapp\Internal\Tracking\EventTracker.php:65
actioninitincludes\MailMint.php:268
actioninitincludes\MrmActivator.php:47
actioninitincludes\MrmActivator.php:48
actionmailmint_run_update_callbackincludes\MrmActivator.php:49
Maintenance & Trust

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 13, 2026
PHP min version7.4
Downloads368K

Community Trust

Rating94/100
Number of ratings126
Active installs5K
Alternatives

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Alternatives

MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce

wemail

A
95

Send email newsletters, automate email marketing with email automation, manage subscribers, post notifications, optins & emails for WooCommerce.

10K 6 CVEs
MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

mailerpress

A
99

Email marketing and newsletter plugin for WordPress. Create email campaigns, grow subscribers, automate emails, and customize WooCommerce emails.

900 1 CVE
SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM

surecontact

A
100

Send newsletters, set up email automations, manage contacts and track ecommerce revenue in a CRM for WordPress.

700 No CVEs
FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

fluent-crm

A
96

The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress

70K 3 CVEs
Developer Profile

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Developer Profile

WPFunnels

3 plugins · 11K total installs

82
trust score
Avg Security Score
91/100
Avg Patch Time
68 days
View full developer profile
Detection Fingerprints

How We Detect Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mail-mint/assets/admin/dist/css/app.css/wp-content/plugins/mail-mint/assets/admin/dist/js/app.js/wp-content/plugins/mail-mint/assets/admin/js/editor.js/wp-content/plugins/mail-mint/assets/admin/js/gutenberg-editor.js/wp-content/plugins/mail-mint/assets/admin/js/tinymce-plugin.js/wp-content/plugins/mail-mint/assets/css/admin.css/wp-content/plugins/mail-mint/assets/js/admin.js
Script Paths
/wp-content/plugins/mail-mint/assets/admin/dist/js/app.js/wp-content/plugins/mail-mint/assets/admin/js/editor.js/wp-content/plugins/mail-mint/assets/admin/js/gutenberg-editor.js/wp-content/plugins/mail-mint/assets/admin/js/tinymce-plugin.js/wp-content/plugins/mail-mint/assets/js/admin.js
Version Parameters
mail-mint/assets/admin/dist/css/app.css?ver=mail-mint/assets/admin/dist/js/app.js?ver=mail-mint/assets/admin/js/editor.js?ver=mail-mint/assets/admin/js/gutenberg-editor.js?ver=mail-mint/assets/admin/js/tinymce-plugin.js?ver=mail-mint/assets/css/admin.css?ver=mail-mint/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mail-mint-content-editormail-mint-editormail-mint-editor-wrappermail-mint-text-editor
HTML Comments
<!-- Mail Mint --><!-- Mail Mint Form Builder --><!-- Mail Mint Email Editor --><!-- Mail Mint Email Template Builder -->
Data Attributes
data-mail-mint-editordata-mail-mint-form-builderdata-mail-mint-email-editordata-mail-mint-email-template-builder
JS Globals
mailmintMailMint
REST Endpoints
/wp-json/mailmint/v1/settings/wp-json/mailmint/v1/campaigns/wp-json/mailmint/v1/automations/wp-json/mailmint/v1/contacts
Shortcode Output
[mailmint_form][mailmint_subscribe_form][mailmint_unsubscribe_form][mailmint_campaign_content]
FAQ

Frequently Asked Questions about Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails