Skip to main content

Zoho Mail Wordpress Plugin

1 CVEs product

Monthly

CVE-2026-8174 MEDIUM PATCH This Month

Cross-site request forgery in the Zoho Mail WordPress plugin (all versions before 1.6.2) enables a remote attacker to perform unauthorized, integrity-impacting actions on behalf of an authenticated WordPress user without their knowledge. The CVSS 5.7 medium score reflects high integrity impact with no confidentiality or availability exposure, requiring low-privilege victim authentication and user interaction. No public exploit code exists and no active exploitation has been identified; EPSS sits at the 1st percentile and SSVC classifies exploitation status as none.

WordPress CSRF Zoho Zoho Mail Wordpress Plugin
NVD
CVSS 3.1
5.7
EPSS
0.0%
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Cross-site request forgery in the Zoho Mail WordPress plugin (all versions before 1.6.2) enables a remote attacker to perform unauthorized, integrity-impacting actions on behalf of an authenticated WordPress user without their knowledge. The CVSS 5.7 medium score reflects high integrity impact with no confidentiality or availability exposure, requiring low-privilege victim authentication and user interaction. No public exploit code exists and no active exploitation has been identified; EPSS sits at the 1st percentile and SSVC classifies exploitation status as none.

WordPress CSRF Zoho +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy