This vulnerability in WPFunnels Mail Mint (<= 1.18.5) involves improper neutralization of special elements used in SQL commands, commonly known as SQL Injection. The issue allows an attacker with high privileges to execute crafted SQL commands that could compromise the confidentiality of data and cause limited availability impact. The CVSS vector indicates network attack vector, low attack complexity, required privileges, no user interaction, and scope change. No patch or remediation details are currently available.

Successful exploitation could lead to unauthorized disclosure of sensitive information (confidentiality impact is high) and limited disruption of service (availability impact is low). Integrity impact is not indicated. The vulnerability requires the attacker to have high privileges, which limits the attack surface but still poses a serious risk if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected application to trusted users only and monitor for suspicious activity. Avoid exposing the vulnerable version to untrusted networks. Do not assume the vulnerability is mitigated without vendor confirmation.