CVE-2026-8174 | THREATINT

Description

Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF). This issue affects Zoho Mail wordpress plugin versions before 1.6.2.

PUBLISHED Reserved 2026-05-08 | Published 2026-05-26 | Updated 2026-05-26 | Assigner Zohocorp

MEDIUM: 5.7CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Problem types

CWE-352 Cross-Site request forgery (CSRF)

Product status

Default status

unaffected

Any version before 1.6.2

affected

References

wordpress.org/plugins/zoho-mail/

cve.org (CVE-2026-8174)

nvd.nist.gov (CVE-2026-8174)

Download JSON