Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more Security & Risk Analysis

wordpress.org/plugins/mail-mint

Use Mail Mint, the easiest email marketing automation plugin in WordPress to generate leads, send email campaigns, and run email automation workflows.

6K active installs · v1.19.5 · PHP 7.4+ · WP 5.8+ · Updated Feb 10, 2026
Tags: email-automation, email-marketing, newsletter, post-notification, woocommerce-emails
Score: 92 · A · Safe
CVEs total: 8
Unpatched: 0
Last CVE: Mar 5, 2026
Safety Verdict

Is Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more Safe to Use in 2026?

Generally Safe

Score 92/100

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Mar 5, 2026 · Updated 1mo ago
Risk Assessment

The mail-mint plugin v1.20.0 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in several areas. The vast majority of SQL queries utilize prepared statements, output escaping is consistently applied, and there is a significant number of capability checks in place. Furthermore, all identified AJAX entry points appear to have authorization checks, and there are no identified REST API routes or shortcodes, which reduces the potential attack surface significantly. The absence of critical or high-severity vulnerabilities in the taint analysis is also reassuring.

However, there are areas of concern. The plugin calls `unserialize`, which is not a vulnerability in itself but is risky when the serialized data can originate from user input. The taint analysis found no critical or high-severity flows, but it did identify two flows with unsanitized paths. This suggests a potential for subtle vulnerabilities that are not immediately obvious or that static analysis alone has missed. The plugin's history of vulnerabilities, including missing authorization, CSRF, SQL injection, and information exposure, is a significant red flag. There are currently no unpatched CVEs, but the frequency and types of past vulnerabilities indicate a recurring pattern of security weaknesses that warrants close attention.

In conclusion, while mail-mint v1.20.0 shows some good security development practices, its past vulnerability history and the presence of potentially risky functions like `unserialize` necessitate a cautious approach. The plugin's developers need to maintain vigilance in code reviews and testing to prevent future security incidents, particularly those related to authorization and input sanitization.

Key Concerns

  • Unsanitized paths identified in taint analysis
  • Presence of dangerous function 'unserialize'
  • Past high severity vulnerability (missing auth/CSRF/SQLi/info exposure)
  • Bundled library (Select2) potentially outdated
Vulnerabilities: 8

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more Security Vulnerabilities

CVEs by Year

2025: 4 CVEs
2026: 4 CVEs

Severity Breakdown

High: 1
Medium: 7

8 total CVEs

CVE-2026-2025 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more < 1.19.5 - Unauthenticated Information Disclosure

Mar 5, 2026 · Patched in 1.19.5 (8d)
CVE-2026-23541 · medium · 5.3 · Missing Authorization

Mail Mint <= 1.19.4 - Missing Authorization

Feb 18, 2026 · Patched in 1.19.5 (7d)
CVE-2026-1258 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints

Feb 13, 2026 · Patched in 1.19.3 (1d)
CVE-2026-1447 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Feb 2, 2026 · Patched in 1.19.3 (1d)
CVE-2025-11967 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload

Nov 7, 2025 · Patched in 1.18.11 (1d)
CVE-2025-59570 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Mail Mint <= 1.18.6 - Authenticated (Administrator+) SQL Injection

Sep 22, 2025 · Patched in 1.18.7 (5d)
CVE-2025-58604 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Mail Mint <= 1.18.5 - Authenticated (Administrator+) SQL Injection

Sep 3, 2025 · Patched in 1.18.6 (9d)
CVE-2025-47541 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Mail Mint <= 1.17.7 - Unauthenticated Sensitive Information Exposure

May 7, 2025 · Patched in 1.17.8 (7d)
Code Analysis
Analyzed Mar 16, 2026

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 31 (731 prepared)
Unescaped Output: 15 (264 escaped)
Nonce Checks: 5
Capability Checks: 14
File Operations: 12
External Requests: 6
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$group_ids = isset( $get_group_id['group_ids'] ) ? unserialize( $get_group_id['group_ids'] ) : ar` · app\API\Actions\Frontend\FormAction.php:132
unserialize · `$email['email_json'] = unserialize( $email_json ); //phpcs:ignore` · app\Database\models\CampaignModel.php:548
unserialize · `$settings = unserialize( $settings ); //phpcs:ignore` · app\DataStores\Campaign.php:165

Bundled Libraries

Select2

SQL Query Safety

96% prepared · 762 total queries

Output Escaping

95% escaped · 279 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
send_async_ajax_request (app\Internal\Cron\BackgroundProcessHelper.php:205)
Attack Surface

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_mint_delete_promotional_banner · app\Internal\Admin\Page\HomeScreen.php:49
auth · wp_ajax_show_form_markup · app\Internal\FormBuilder\FormBlock\MintFormBlock.php:36

WordPress Hooks: 113

filter · mint_automation_trigger_control_on_import · app\API\Actions\Admin\Contact\ContactImportAction.php:313
filter · mint_automation_trigger_control_on_import · app\API\Actions\Admin\Contact\ContactImportAction.php:763
filter · mint_automation_trigger_control_on_import · app\API\Actions\Admin\Contact\ContactImportAction.php:975
filter · mint_automation_trigger_control_on_import · app\API\Actions\Admin\Contact\ContactImportAction.php:1076
filter · mint_automation_trigger_control_on_import · app\API\Actions\Admin\Contact\ContactImportAction.php:1177
filter · mint_automation_trigger_control_on_import · app\API\Actions\Admin\Contact\ContactImportAction.php:1278
filter · mint_automation_trigger_control_on_import · app\API\Actions\Admin\Contact\ContactImportAction.php:1341
filter · mint_automation_trigger_control_on_import · app\API\Actions\Admin\Contact\ContactImportAction.php:1415
filter · mint_automation_trigger_control_on_import · app\API\Controllers\Admin\ContactController.php:500
filter · mint_automation_trigger_control_on_import · app\API\Controllers\Admin\ContactController.php:680
filter · mint_automation_trigger_control_on_import · app\API\Controllers\Admin\ContactController.php:850
action · rest_api_init · app\API\Server.php:38
action · plugins_loaded · app\App.php:94
action · plugins_loaded · app\App.php:126
action · init · app\App.php:127
action · in_plugin_update_message-mail-mint/mail-mint.php · app\App.php:128
action · admin_init · app\App.php:129
action · init · app\App.php:131
action · mail_mint_run_update_callback · app\Database\Migrations\DatabaseMigrator.php:77
action · init · app\Database\Migrations\DatabaseMigrator.php:78
action · wp_loaded · app\Internal\Actions\Hooks.php:33
action · woocommerce_new_order · app\Internal\Actions\Hooks.php:34
action · woocommerce_order_status_changed · app\Internal\Actions\Hooks.php:35
action · add_meta_boxes · app\Internal\Actions\Hooks.php:36
action · edd_view_order_details_sidebar_before · app\Internal\Actions\Hooks.php:37
filter · mail_mint_free_active · app\Internal\Actions\Hooks.php:38
action · upgrader_process_complete · app\Internal\Actions\Hooks.php:39
filter · plugin_row_meta · app\Internal\Actions\Hooks.php:40
action · admin_footer · app\Internal\Actions\Hooks.php:41
action · init · app\Internal\Actions\Hooks.php:42
action · init · app\Internal\Actions\Hooks.php:45
filter · mint_merge_tag_fallback · app\Internal\Actions\Hooks.php:46
action · woocommerce_order_status_changed · app\Internal\Actions\Hooks.php:47
action · woocommerce_refund_created · app\Internal\Actions\Hooks.php:48
action · init · app\Internal\Actions\Hooks.php:49
filter · mint_wordpress_user_import_headers · app\Internal\Actions\Hooks.php:50
action · mailmint_after_delete_contact · app\Internal\Actions\Hooks.php:51
filter · rocket_cache_reject_uri · app\Internal\Actions\Hooks.php:52
action · mailmint_delete_expired_coupons · app\Internal\Actions\Hooks.php:53
action · init · app\Internal\Admin\AdminAssets.php:44
action · admin_enqueue_scripts · app\Internal\Admin\AdminAssets.php:45
action · admin_notices · app\Internal\Admin\Notices\DBUpgradeNotice.php:28
action · admin_menu · app\Internal\Admin\Page\HomeScreen.php:41
action · admin_head · app\Internal\Admin\Page\HomeScreen.php:42
action · admin_head · app\Internal\Admin\Page\HomeScreen.php:48
filter · display_post_states · app\Internal\Admin\Page\PageController.php:37
action · admin_init · app\Internal\Admin\Setup-Wizard\SetupWizard.php:33
action · admin_notices · app\Internal\Admin\SpecialOccasionBanner.php:52
action · admin_head · app\Internal\Admin\SpecialOccasionBanner.php:55
action · woocommerce_admin_order_data_after_order_details · app\Internal\Admin\WooCommerce-Order\WooCommerceOrderDetails.php:35
action · deleted_user · app\Internal\Admin\WP-User\WPUserDelete.php:35
action · mailmint_after_confirm_double_optin · app\Internal\Automation\AutomationManager.php:27
action · mailmint_after_email_open · app\Internal\Automation\AutomationManager.php:28
action · mailmint_after_email_click · app\Internal\Automation\AutomationManager.php:29
action · mailmint_after_form_submit · app\Internal\Automation\Connectors\MintForm\Triggers\MintFormTriggers.php:37
action · mint_after_contact_creation · app\Internal\Automation\Connectors\MintForm\Triggers\MintFormTriggers.php:38
action · transition_post_status · app\Internal\Automation\Connectors\WP\Triggers\PostPublishedTriggers.php:68
action · mailmint_process_post_published_scheduler · app\Internal\Automation\Connectors\WP\Triggers\PostPublishedTriggers.php:69
action · user_register · app\Internal\Automation\Connectors\WP\Triggers\WordPressTriggers.php:34
action · wp_login · app\Internal\Automation\Connectors\WP\Triggers\WordPressTriggers.php:35
action · wpfunnels_after_funnel_creation · app\Internal\Automation\Connectors\WPFunnels\Triggers\WPFunnelsTriggers.php:33
action · mailmint_campaign_emails_scheduling_completed · app\Internal\Cron\CampaignsBackgroundProcess.php:52
action · mailmint_single_email_scheduling_processed · app\Internal\Cron\CampaignsBackgroundProcess.php:53
action · mailmint_batch_email_sent · app\Internal\Cron\CampaignsBackgroundProcess.php:54
action · mailmint_campaign_email_sent · app\Internal\Cron\CampaignsBackgroundProcess.php:55
action · mailmint_after_campaign_start · app\Internal\Cron\CampaignsBackgroundProcess.php:56
action · mailmint_recover_stuck_emails · app\Internal\Cron\CampaignsBackgroundProcess.php:60
action · woocommerce_email · app\Internal\EmailCustomization\WooCommerce\EmailTrigger.php:69
filter · woocommerce_mail_content · app\Internal\EmailCustomization\WooCommerce\EmailTrigger.php:70
filter · woocommerce_email_recipient_customer_partially_refunded_order · app\Internal\EmailCustomization\WooCommerce\EmailTrigger.php:90
filter · haet_mail_use_template · app\Internal\EmailCustomization\WooCommerce\EmailTrigger.php:165
action · init · app\Internal\FormBuilder\FormBlock\MintFormBlock.php:33
action · init · app\Internal\FormBuilder\FormBlock\MintFormBlock.php:34
action · enqueue_block_editor_assets · app\Internal\FormBuilder\FormBlock\MintFormBlock.php:35
action · admin_enqueue_scripts · app\Internal\FormBuilder\FormBuilderHelper.php:40
filter · the_content · app\Internal\FormBuilder\FormBuilderHelper.php:42
action · wp_footer · app\Internal\FormBuilder\FormBuilderHelper.php:43
action · init · app\Internal\FormBuilder\FormBuilderHelper.php:45
filter · show_admin_bar · app\Internal\FormBuilder\FormBuilderHelper.php:395
action · wp_enqueue_scripts · app\Internal\Frontend\FrontendAssets.php:34
action · wp_enqueue_scripts · app\Internal\Frontend\FrontendAssets.php:35
filter · wp_page_menu_args · app\Internal\Frontend\HandleFrontendMenu.php:33
filter · wp_get_nav_menu_items · app\Internal\Frontend\HandleFrontendMenu.php:34
action · user_register · app\Internal\Frontend\UserAssignContact.php:39
action · register_form · app\Internal\Frontend\UserAssignContact.php:40
action · comment_post · app\Internal\Frontend\UserAssignContact.php:41
action · comment_form_field_comment · app\Internal\Frontend\UserAssignContact.php:42
action · comment_form_after_fields · app\Internal\Frontend\UserAssignContact.php:43
action · woocommerce_checkout_before_terms_and_conditions · app\Internal\Frontend\WooCommerceCheckoutContact.php:50
action · woocommerce_checkout_create_order · app\Internal\Frontend\WooCommerceCheckoutContact.php:51
action · woocommerce_new_order · app\Internal\Frontend\WooCommerceCheckoutContact.php:52
filter · wp_mail · app\Internal\Mailers\WPMailMailer.php:66
action · init · app\Internal\Optin\OptinConfirmation.php:48
action · init · app\Internal\Optin\UnsubscribeConfirmation.php:30
action · init · app\Internal\Optin\UnsubscribeConfirmation.php:31
action · after_setup_theme · app\Internal\Templates\TemplateHandler.php:33
filter · template_include · app\Internal\Templates\TemplateHandler.php:34
filter · theme_page_templates · app\Internal\Templates\TemplateHandler.php:44
action · mailmint_after_accept_consent · app\Internal\Tracking\EventTracker.php:55
action · mailmint_contact_list_viewed · app\Internal\Tracking\EventTracker.php:56
action · mailmint_campaign_created · app\Internal\Tracking\EventTracker.php:57
action · mailmint_campaign_email_sent · app\Internal\Tracking\EventTracker.php:58
action · mailmint_campaign_analytics · app\Internal\Tracking\EventTracker.php:59
action · mailmint_plugin_deactivated · app\Internal\Tracking\EventTracker.php:60
action · mailmint_wc_abandoned_cart_automation_created · app\Internal\Tracking\EventTracker.php:61
action · mailmint_automation_log_overall_analytics · app\Internal\Tracking\EventTracker.php:62
action · mailmint_product_block_automation_email · app\Internal\Tracking\EventTracker.php:63
action · mailmint_after_automation_send_mail · app\Internal\Tracking\EventTracker.php:64
action · mailmint_automation_after_added_to_list · app\Internal\Tracking\EventTracker.php:65
action · init · includes\MailMint.php:268
action · init · includes\MrmActivator.php:47
action · init · includes\MrmActivator.php:48
action · mailmint_run_update_callback · includes\MrmActivator.php:49
Maintenance & Trust

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 10, 2026
PHP min version: 7.4
Downloads: 358K

Community Trust

Rating: 94/100
Number of ratings: 126
Active installs: 6K
Developer Profile

Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more Developer Profile

WPFunnels

3 plugins · 12K total installs

Trust score: 82
Avg Security Score: 92/100
Avg Patch Time: 75 days
Detection Fingerprints

How We Detect Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/mail-mint/assets/admin/dist/css/app.css
  • /wp-content/plugins/mail-mint/assets/admin/dist/js/app.js
  • /wp-content/plugins/mail-mint/assets/admin/js/editor.js
  • /wp-content/plugins/mail-mint/assets/admin/js/gutenberg-editor.js
  • /wp-content/plugins/mail-mint/assets/admin/js/tinymce-plugin.js
  • /wp-content/plugins/mail-mint/assets/css/admin.css
  • /wp-content/plugins/mail-mint/assets/js/admin.js
Script Paths
  • /wp-content/plugins/mail-mint/assets/admin/dist/js/app.js
  • /wp-content/plugins/mail-mint/assets/admin/js/editor.js
  • /wp-content/plugins/mail-mint/assets/admin/js/gutenberg-editor.js
  • /wp-content/plugins/mail-mint/assets/admin/js/tinymce-plugin.js
  • /wp-content/plugins/mail-mint/assets/js/admin.js
Version Parameters
  • mail-mint/assets/admin/dist/css/app.css?ver=
  • mail-mint/assets/admin/dist/js/app.js?ver=
  • mail-mint/assets/admin/js/editor.js?ver=
  • mail-mint/assets/admin/js/gutenberg-editor.js?ver=
  • mail-mint/assets/admin/js/tinymce-plugin.js?ver=
  • mail-mint/assets/css/admin.css?ver=
  • mail-mint/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mail-mint-content-editor
  • mail-mint-editor
  • mail-mint-editor-wrapper
  • mail-mint-text-editor
HTML Comments
  • <!-- Mail Mint -->
  • <!-- Mail Mint Form Builder -->
  • <!-- Mail Mint Email Editor -->
  • <!-- Mail Mint Email Template Builder -->
Data Attributes
  • data-mail-mint-editor
  • data-mail-mint-form-builder
  • data-mail-mint-email-editor
  • data-mail-mint-email-template-builder
JS Globals
  • mailmint
  • MailMint
REST Endpoints
  • /wp-json/mailmint/v1/settings
  • /wp-json/mailmint/v1/campaigns
  • /wp-json/mailmint/v1/automations
  • /wp-json/mailmint/v1/contacts
Shortcode Output
  • [mailmint_form]
  • [mailmint_subscribe_form]
  • [mailmint_unsubscribe_form]
  • [mailmint_campaign_content]
FAQ

Frequently Asked Questions about Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more