CVE-2025-11967: CWE-434 Unrestricted Upload of File with Dangerous Type in getwpfunnels Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
AI-Powered Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-11967 is a CWE-434 (Unrestricted Upload of File with Dangerous Type) vulnerability in the Mail Mint plugin for WordPress, which provides newsletters, email marketing, automation, WooCommerce emails, and post notifications. The plugin's process_contact_attribute_import function does not validate the type of the file it receives, so an authenticated user with Administrator privileges can upload arbitrary files to the server. Because dangerous file types are not rejected, an attacker can upload a malicious script or executable, which may lead to remote code execution (RCE). All versions up to and including 1.18.10 are affected. The CVSS 3.1 base score is 7.2 (High): network attack vector, low attack complexity, high privileges required (Administrator), no user interaction, and impact on confidentiality, integrity, and availability. No exploits are currently reported in the wild, but the potential for exploitation is significant given the possibility of RCE. The vulnerability is particularly dangerous because it turns administrative access, which is normally held by few accounts but is highly privileged, into full compromise of the affected WordPress site and a possible pivot point to other network resources. The absence of patch links suggests that a fix may not yet be publicly available, which makes immediate mitigation by administrators important.
Potential Impact
The impact of CVE-2025-11967 is substantial for organizations running the Mail Mint plugin on WordPress sites. Successful exploitation lets an attacker with administrator access upload arbitrary files, potentially leading to remote code execution. This can result in full site compromise, data theft, defacement, or use of the server as a pivot point for further attacks within the network. Confidentiality is at risk through unauthorized data access; integrity is compromised by the ability to alter site content or configuration; availability can be disrupted by malicious payloads or denial-of-service conditions. E-commerce sites using the WooCommerce integration are particularly exposed to financial fraud or customer data breaches. The administrator-privilege requirement limits the attack surface but does not eliminate the risk, especially in environments with multiple administrators or where credentials may be compromised. The absence of known exploits in the wild reduces the immediate threat but does not preclude future attacks, especially once exploit code becomes available. Organizations worldwide that rely on this plugin for marketing and transactional email face operational and reputational risk if it is exploited.
Mitigation Recommendations
To mitigate CVE-2025-11967, organizations should:
- Immediately audit and restrict administrator-level access to trusted personnel only, and enforce strong authentication such as multi-factor authentication (MFA).
- Monitor file upload activity and server directories for unusual or unauthorized files, especially scripts or executables.
- Disable or restrict the process_contact_attribute_import function, if possible, until a patch is available.
- Deploy a web application firewall (WAF) with rules that detect and block suspicious file uploads or payloads targeting this vulnerability.
- Back up website data and configuration regularly so that recovery after a compromise is fast.
- Follow the plugin vendor's updates and apply the patch promptly once it is released.
- Consider isolating WordPress environments and limiting plugin usage to reduce the attack surface.
- Use security plugins that enforce file type validation and scanning.
- Conduct periodic security assessments and penetration tests that focus on file upload functionality.
- Educate administrators on the risks of arbitrary file uploads and the importance of secure plugin management.
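The following is an added illustration of the missing-validation pattern this advisory describes, alongside a hardened form that restricts an import handler to the CSV it actually needs. It is written for this page and is not Mail Mint's code; the function names, the uploaded-file array and the private storage path are assumptions.

```php
<?php
// Hypothetical illustration of the CWE-434 pattern: an import handler that
// stores whatever file an administrator submitted. Not Mail Mint's code.
function import_contact_attributes_unsafe( array $file ) {
    $target = wp_upload_dir()['basedir'] . '/imports/' . $file['name'];
    // No extension, MIME or size check: a script lands in a web-served
    // directory under its original, client-chosen name.
    move_uploaded_file( $file['tmp_name'], $target );
    return $target;
}

// Hardened form: accept only CSV, verify the type from file contents rather
// than the client-supplied name, and store under a random name outside the
// web-served tree (the path is an assumption for this example).
function import_contact_attributes_safe( array $file ) {
    if ( ! current_user_can( 'manage_options' ) || empty( $file['tmp_name'] ) ) {
        return new WP_Error( 'forbidden', 'Not permitted.' );
    }
    if ( UPLOAD_ERR_OK !== $file['error'] || $file['size'] > 5 * MB_IN_BYTES ) {
        return new WP_Error( 'bad_upload', 'Upload failed or file too large.' );
    }
    // wp_check_filetype_and_ext() checks the extension against the supplied
    // allow-list and sniffs the file contents; restrict the list to CSV only.
    $allowed = array( 'csv' => 'text/csv' );
    $check   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || 'csv' !== $check['ext'] ) {
        return new WP_Error( 'bad_type', 'Only CSV imports are accepted.' );
    }
    // Random on-disk name: the original filename never becomes part of the path.
    $dir = dirname( ABSPATH ) . '/private-imports';
    wp_mkdir_p( $dir );
    $target = $dir . '/' . wp_generate_password( 32, false ) . '.csv';
    if ( ! move_uploaded_file( $file['tmp_name'], $target ) ) {
        return new WP_Error( 'move_failed', 'Could not store the import file.' );
    }
    return $target;
}
```

The capability check does not by itself address this CVE, since the affected path already requires an administrator; the type validation and the non-executable storage location are the controls that matter.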
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, France, India, Brazil, Japan, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-10-20T15:11:14.944Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690f0e9f15ddfe7d54073e88
Added to database: 11/8/2025, 9:34:23 AM
Last enriched: 2/27/2026, 7:43:00 PM
Last updated: 3/26/2026, 8:49:50 AM