CVE-2025-58604: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in WPFunnels Mail Mint

High
Tags: Vulnerability, CVE-2025-58604, cve, cve-2025-58604, cwe-89
Published: Wed Sep 03 2025 (09/03/2025, 14:36:41 UTC)
Source: CVE Database V5
Vendor/Project: WPFunnels
Product: Mail Mint

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.

AI-Powered Analysis

Last updated: 09/03/2025, 15:04:13 UTC

Technical Analysis

CVE-2025-58604 is a high-severity SQL Injection vulnerability (CWE-89) affecting the WPFunnels Mail Mint plugin, versions up to and including 1.18.5. SQL Injection vulnerabilities arise when user-supplied input is improperly sanitized or neutralized before being incorporated into SQL queries, allowing attackers to manipulate the query structure. In this case, the vulnerability allows an attacker with high privileges (PR:H) to remotely exploit the system over the network (AV:N) without requiring user interaction (UI:N). The vulnerability has a scope change (S:C), meaning the exploit can affect resources beyond the initially vulnerable component. The CVSS 3.1 base score is 7.6, indicating a high severity level. The impact vector shows that confidentiality is severely impacted (C:H), while integrity remains unaffected (I:N), and availability impact is low (A:L). This suggests that an attacker could extract sensitive data from the backend database but not modify or delete data or cause significant service disruption. The vulnerability requires authenticated access with high privileges, which limits exploitation to users who already have elevated permissions within the affected system. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on September 3, 2025, and affects the Mail Mint product by WPFunnels, a WordPress plugin used for email marketing and lead generation funnel management. Given the nature of the vulnerability, attackers could leverage it to extract sensitive customer or business data stored in the database, potentially leading to data breaches or privacy violations. The scope change indicates that the attack could impact other components or data stores beyond the immediate plugin context, increasing the risk profile.

Potential Impact

For European organizations using WPFunnels Mail Mint, this vulnerability poses a significant risk to the confidentiality of sensitive data, including customer information, marketing data, and potentially internal business intelligence. Since the vulnerability requires high privilege authentication, the primary risk vector is insider threats or compromised administrator accounts. Exploitation could lead to unauthorized data disclosure, violating GDPR and other data protection regulations, which could result in substantial fines and reputational damage. The limited impact on integrity and availability reduces the risk of data tampering or service outages but does not eliminate the threat of data leakage. Organizations relying on this plugin for email marketing and lead funnel management may face operational disruptions if they need to disable or patch the plugin urgently. Additionally, the scope change means that exploitation could affect other integrated systems or databases, amplifying the impact. Given the widespread use of WordPress and associated plugins in Europe, especially among small and medium enterprises, the vulnerability could affect a broad range of sectors including retail, finance, and healthcare, where email marketing tools are prevalent.

Mitigation Recommendations

1. Immediate mitigation should include restricting high-privilege access to the Mail Mint plugin to trusted administrators only, and monitoring for unusual database query patterns or access attempts.
2. Organizations should implement strict input validation and sanitization controls at the application level, even if patches are not yet available.
3. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the plugin's known endpoints.
4. Conduct thorough audits of user privileges to minimize the number of users with high-level access to the plugin and database.
5. Monitor logs for signs of SQL injection attempts or anomalous database queries.
6. Once a patch is released, prioritize immediate application of updates to the Mail Mint plugin.
7. Consider isolating the plugin's database access or using database user accounts with minimal privileges to limit the potential impact of exploitation.
8. Educate administrators on the risks of SQL injection and the importance of credential security to prevent privilege escalation or account compromise.
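Recommendations 2 and 4 above describe the application-level controls that close a CWE-89 defect in a WordPress plugin. The following is an added illustration written for this page; it is not Mail Mint's code and says nothing about where the actual flaw lies. It shows a hypothetical contact-search routine in the unsafe string-concatenation form and in the hardened form that routes every value through WordPress's `$wpdb->prepare()`, validates shape before the query, and gates the handler on a specific capability. The function names, the `demo_contacts` table, and the `q`/`limit` request parameters are assumptions; `$wpdb->prepare()`, `$wpdb->esc_like()`, `sanitize_text_field()`, `absint()`, `wp_unslash()`, `current_user_can()`, and `wp_send_json_*()` are real WordPress APIs.

```php
<?php
// Added illustration (not Mail Mint code). Table and column names are assumptions.

// UNSAFE PATTERN: the search term and limit are interpolated straight into the
// SQL text, so any quote or operator in them becomes part of the statement.
// This is the CWE-89 class the advisory describes; shown only for contrast.
function demo_find_contacts_unsafe( $search, $limit ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_contacts';                       // assumed table
    $sql   = "SELECT id, email FROM {$table} WHERE email LIKE '%{$search}%' LIMIT {$limit}";
    return $wpdb->get_results( $sql );
}

// HARDENED PATTERN: values are bound through $wpdb->prepare(), which quotes %s
// and casts %d, so request input can only ever be data. Identifiers cannot be
// bound, so the table name is a fixed constant rather than a request value.
function demo_find_contacts_safe( $search, $limit ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_contacts';                       // fixed, not user-controlled

    // Validate shape first, independently of the SQL layer (recommendation 2).
    $search = sanitize_text_field( (string) $search );
    if ( strlen( $search ) > 100 ) {
        return new WP_Error( 'bad_search', 'Search term too long.' );
    }
    $limit = min( 100, max( 1, absint( $limit ) ) );                // clamp to a sane range

    // esc_like() escapes %, _ and \ so the term cannot widen the LIKE pattern;
    // prepare() then quotes the whole value as a single string literal.
    $like = '%' . $wpdb->esc_like( $search ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id, email FROM {$table} WHERE email LIKE %s LIMIT %d",
        $like,
        $limit
    );
    return $wpdb->get_results( $sql );
}

// Request handler. The CVSS vector (PR:H) says the vulnerable path already
// needs elevated privileges; the handler still checks a specific capability
// rather than mere logged-in state (recommendation 4), and unslashes input
// because WordPress adds magic-quote slashes to $_GET/$_POST.
function demo_contacts_endpoint() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $search = isset( $_GET['q'] ) ? wp_unslash( $_GET['q'] ) : '';
    $limit  = isset( $_GET['limit'] ) ? $_GET['limit'] : 20;
    $result = demo_find_contacts_safe( $search, $limit );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( $result );
}
```

Hooking `demo_contacts_endpoint()` into `admin-ajax.php` via `add_action( 'wp_ajax_demo_contacts', 'demo_contacts_endpoint' )` would expose it only to authenticated users, with the capability check above narrowing that further. Recommendation 7 is complementary and sits outside plugin code: the MySQL account named in `wp-config.php` should hold only the grants the site needs on its own database, so that even a successful injection cannot reach other schemas.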

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-09-03T09:02:38.119Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68b85516ad5a09ad00f71e4c

Added to database: 9/3/2025, 2:47:50 PM

Last enriched: 9/3/2025, 3:04:13 PM

Last updated: 9/4/2025, 12:34:40 AM
