CVE-2025-11967

Mail · Mail Mint plugin for WordPress

A high-severity vulnerability has been identified in the Mail Mint plugin for WordPress, which could allow an attacker to take full control of an affected website.

Executive summary

The flaw lies in the plugin's contact-attribute import process, which fails to validate the type of file being imported. A malicious actor who can reach that import function can therefore upload a file of their choosing, including executable server-side code, and run it on the server. This could lead to data theft, website defacement, or further attacks launched from the compromised system.

Vulnerability

The vulnerability exists in the process_contact_attribute_import function of the Mail Mint plugin. The function accepts the file supplied for a contact-attribute import without properly validating its type, which amounts to an arbitrary file upload vulnerability. Both the declared MIME type and the filename extension of an upload are attacker-controlled, so an authenticated attacker (the minimum role required is not stated in this advisory; consult the vendor and NVD entries for affected versions and required privileges) could craft an import request that carries a PHP web shell in place of a legitimate import file. If the file is written under a web-accessible directory such as wp-content/uploads and the web server is configured to execute PHP there, the attacker can request it directly and gain remote code execution on the server, leading to a complete compromise of the WordPress site.
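The following is an added illustration of the kind of server-side validation the import handler was missing. It is written in Python for clarity and is not the plugin's PHP code; the extension lists, size cap, and storage naming are assumptions. It contrasts a check that trusts the client-supplied MIME type with one that decides on the filename and the received bytes alone.

```python
import csv
import io
import re
import secrets

# Added illustration of server-side import-file validation, written in Python
# for clarity; it is not the plugin's PHP code. Names and limits are assumptions.
ALLOWED_EXTENSIONS = {"csv"}
# Extensions that typical PHP web server configurations may execute (assumption:
# Apache mod_php / PHP-FPM style setups).
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps"}
PHP_OPEN_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)
MAX_BYTES = 5 * 1024 * 1024  # assumed size cap for a contact import


def naive_check(content_type: str) -> bool:
    """The kind of check that is NOT sufficient: it trusts the client-supplied MIME
    type, which an attacker sets freely in the multipart request."""
    return content_type.split(";")[0].strip().lower() == "text/csv"


def validate_import_file(filename: str, data: bytes) -> tuple[bool, str]:
    """Validate an uploaded contact import before anything is written to disk.

    Returns (ok, reason). The client's MIME type is deliberately ignored; the
    decision rests on the filename (allowlisted final extension, no executable
    extension anywhere in the name, no path or NUL characters) and on the bytes
    actually received (size, no PHP open tag, parses as CSV with a header row).
    """
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "illegal characters in filename"
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing or empty base name/extension"
    if parts[-1] not in ALLOWED_EXTENSIONS:
        return False, f"extension .{parts[-1]} not allowed"
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:-1]):
        return False, "executable extension embedded in filename (e.g. shell.php.csv)"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if PHP_OPEN_TAG.search(data):
        return False, "PHP open tag found in file body"
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "body is not UTF-8 text"
    header = next(csv.reader(io.StringIO(text)), None)
    if not header or not all(cell.strip() for cell in header):
        return False, "missing or malformed CSV header row"
    return True, "ok"


def storage_name() -> str:
    """Server-chosen name for the stored import: random, with a fixed safe
    extension, so nothing from the client's filename reaches the filesystem."""
    return f"{secrets.token_hex(16)}.csv"
```

Even with this validation, the stored file should live outside the document root or in a directory where the web server refuses to execute scripts; validation reduces the chance that a shell is accepted, while the storage policy removes the consequence if one slips through.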

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.2. Successful exploitation could have a significant negative impact on the business, leading to a complete compromise of the web server. Potential consequences include the theft of sensitive data such as customer information or internal documents, reputational damage from website defacement, and financial loss due to business disruption. Furthermore, a compromised server could be used as a platform to launch additional attacks against other systems, creating further legal and financial liabilities.

Remediation

Immediate Action: Update the Mail Mint plugin to the latest patched version provided by the vendor. After updating, confirm that the installed version matches the fixed version named in the vendor's release notes and that the site is functioning correctly. If the plugin is no longer required for business operations, deactivate and remove it to reduce the attack surface.

Proactive Monitoring: Review web server access logs for POST requests to the plugin's import functionality. Note that the uploaded filename travels in the multipart request body and does not normally appear in the access log, so the more reliable indicator is a subsequent request for a file with an executable extension (e.g., .php, .phtml, .php5, .phar) under the WordPress uploads folder. Implement file integrity monitoring to detect the creation of unexpected files in web-accessible directories, particularly within the uploads folder, including .htaccess files that an attacker may drop to re-enable script execution there. Monitor for unusual outbound network traffic from the web server, which could indicate a successful compromise.
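As an added example of the monitoring described above (not code from the advisory or the plugin), the script below runs two checks over constructed data: it walks Apache combined-format access-log lines, noting import POSTs and escalating when the same client later fetches an executable file from the uploads folder, and it screens a directory listing for files that should never appear under uploads. The import action name and upload path are assumptions; the plugin's real endpoint and storage location are not given on this page.

```python
import re

# Constructed sample access-log lines (Apache combined format), not real traffic.
# The import action name and upload path are assumptions for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=mailmint_import_contacts HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2025:10:01:05 +0000] "GET /wp-content/uploads/mail-mint/import/shell.php?cmd=id HTTP/1.1" 200 93 "-" "curl/8.4.0"
198.51.100.2 - - [12/Oct/2025:10:02:00 +0000] "GET /wp-content/uploads/2025/10/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Oct/2025:10:03:10 +0000] "POST /wp-admin/admin-ajax.php?action=mailmint_import_contacts HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
IMPORT_RE = re.compile(r"action=mailmint_import", re.IGNORECASE)  # hypothetical action name
EXEC_EXT_RE = re.compile(r"\.(?:php[3-8]?|phtml|phar)(?:$|[?/.])", re.IGNORECASE)
UPLOADS_PREFIX = "/wp-content/uploads/"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(log_text):
    """Walk the log in order and emit alerts:
      info     - POST to the import endpoint (normal for legitimate use; keep for correlation)
      high     - request for an executable file under the uploads folder
      critical - the same client earlier POSTed an import and then fetched such a file
    """
    alerts = []
    importers = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"]
        if rec["method"] == "POST" and IMPORT_RE.search(path):
            importers.add(rec["ip"])
            alerts.append({"severity": "info", "ip": rec["ip"], "path": path,
                           "reason": "contact import request"})
        if path.startswith(UPLOADS_PREFIX) and EXEC_EXT_RE.search(path):
            sev = "critical" if rec["ip"] in importers else "high"
            alerts.append({"severity": sev, "ip": rec["ip"], "path": path,
                           "status": rec["status"],
                           "reason": "executable requested from uploads directory"})
    return alerts


# File integrity view: given relative paths found under wp-content/uploads (e.g. a
# scheduled listing diffed against a baseline), return the ones that should never be there.
FIM_SUSPICIOUS = re.compile(r"(?:\.(?:php[3-8]?|phtml|phar)$|(?:^|/)\.htaccess$)", re.IGNORECASE)


def find_unexpected_files(relative_paths):
    return sorted(p for p in relative_paths if FIM_SUSPICIOUS.search(p))


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["severity"].upper(), a["ip"], a["path"], "-", a["reason"])
```

In the constructed sample, 203.0.113.7 imports and then fetches shell.php, so it is reported as critical; 192.0.2.9 only performs an import and stays at info, which is the normal case for a legitimate operator. A 200 status on the executable fetch is the strongest sign that the server actually ran the file.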

Compensating Controls: If immediate patching is not feasible, place a Web Application Firewall (WAF) in front of the site with rules that inspect multipart uploads and block executable file types; treat this as a stopgap, since extension and content-type checks at the WAF can be evaded with alternative extensions or encodings. More robustly, configure the web server to refuse to execute scripts anywhere under the uploads directory (for example by denying requests for PHP files in that path), so that even a successfully uploaded file cannot run. Consider temporarily disabling the contact import functionality, or restricting which roles can reach it, until the patch is applied.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity of this vulnerability (CVSS 7.2) and its potential to allow a full site compromise, immediate remediation is strongly recommended. Organizations using the affected Mail Mint plugin should prioritize applying the vendor-supplied update. Create a backup of the website before patching. Because updating the plugin does not remove files that were uploaded before the fix, administrators should review the uploads directory and other web-accessible locations for unexpected executable files, check logs for earlier import requests, and treat any finding as a potential compromise requiring incident response.