CVE-2026-8174
Awaiting Analysis Awaiting Analysis - Queue
Cross-Site Request Forgery in Zoho Mail WordPress Plugin

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: ManageEngine

Description
Zohocorp Zoho Mail wordpress plugin is vulnerable toΒ Cross-Site request forgery (CSRF). This issue affects Zoho Mail wordpress plugin versions before 1.6.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-8174
EUVD
EUVD-2026-31811
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zoho zoho_mail to 1.6.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the Zoho Mail WordPress plugin is a Cross-Site Request Forgery (CSRF) issue. This means that an attacker could trick a logged-in user into performing unwanted actions on the plugin without their consent.

Specifically, versions of the Zoho Mail WordPress plugin before 1.6.2 are affected by this vulnerability.

Compliance Impact

The provided information does not specify how the Cross-Site Request Forgery (CSRF) vulnerability in the Zoho Mail WordPress plugin affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

Because this is a CSRF vulnerability, an attacker could potentially cause a user to unknowingly execute actions within the Zoho Mail plugin on their WordPress site.

According to the CVSS score (5.7), the impact is moderate with a high impact on integrity but no impact on confidentiality or availability.

This could lead to unauthorized changes or actions within the plugin, potentially affecting email sending configurations or behavior.

Mitigation Strategies

To mitigate the Cross-Site Request Forgery (CSRF) vulnerability in the Zoho Mail WordPress plugin, you should update the plugin to version 1.6.2 or later, as this version addresses the security issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8174. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart