PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8174 Zohocorp CVE debrief

The Zoho Mail WordPress plugin contains a Cross-Site Request Forgery (CSRF) vulnerability in versions prior to 1.6.2. CSRF flaws let an attacker trick an authenticated user into performing unintended actions: the victim's browser submits a request the attacker crafted, and the application accepts it because it carries the victim's established session. The vulnerability is classified as MEDIUM severity with a CVSS 3.1 score of 5.7, reflecting a network attack vector, low attack complexity, privileges required, and user interaction required. The confidentiality impact is none, but the integrity impact is high, meaning an attacker could modify data or configuration without authorization. The underlying weakness is CWE-352 (Cross-Site Request Forgery). The CVE was published on May 26, 2026, and modified later the same day. No exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Zohocorp
Product: Zoho Mail WordPress plugin
CVSS: MEDIUM 5.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-26
Original CVE updated: 2026-05-26
Advisory published: 2026-05-26
Advisory updated: 2026-05-26

Who should care

WordPress site administrators using the Zoho Mail plugin, security teams managing WordPress installations, and organizations relying on Zoho Mail integration for email functionality.

Technical summary

Cross-Site Request Forgery vulnerability in Zoho Mail WordPress plugin versions before 1.6.2 allows attackers to perform unauthorized actions on behalf of authenticated users. CVSS 3.1 score 5.7 (MEDIUM). Fixed in version 1.6.2.
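The following is an added illustration of CWE-352 in a WordPress plugin settings handler; it is not code from the Zoho Mail plugin and does not reproduce the actual flaw. It shows a handler that trusts any POST arriving with the user's session cookie next to a hardened version that requires a capability check and a WordPress nonce. The plugin slug, option name, form field and hook names (example_mail_*) are hypothetical.

```php
<?php
/**
 * Added example (not the Zoho Mail plugin's code): an admin-post settings
 * handler in its CSRF-prone form and in a hardened form.
 * All example_mail_* names, the option key and the settings page slug are hypothetical.
 */

// --- Vulnerable pattern: accepts any POST that carries the admin's session cookie. ---
// A form served from another site can post here; the browser attaches the
// logged-in user's cookies, and nothing proves the user intended the change.
function example_mail_save_settings_vulnerable() {
    // No capability check, no nonce check, raw input stored as-is.
    update_option( 'example_mail_from_address', $_POST['from_address'] );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-mail' ) );
    exit;
}

// --- Hardened pattern: the form embeds a nonce bound to this action and user session. ---
function example_mail_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_mail_save">
        <?php wp_nonce_field( 'example_mail_save_settings', 'example_mail_nonce' ); ?>
        <input type="email" name="from_address"
               value="<?php echo esc_attr( get_option( 'example_mail_from_address', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function example_mail_save_settings_hardened() {
    // 1. Only users allowed to change site settings may reach this code.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    // 2. The request must carry a valid nonce for this action. A cross-site form
    //    cannot read the nonce out of the admin page, so a forged POST fails here.
    //    check_admin_referer() terminates the request on a missing or invalid nonce.
    check_admin_referer( 'example_mail_save_settings', 'example_mail_nonce' );

    // 3. Validate and sanitise before storing.
    $from = isset( $_POST['from_address'] )
        ? sanitize_email( wp_unslash( $_POST['from_address'] ) )
        : '';
    if ( ! is_email( $from ) ) {
        wp_die( 'Invalid sender address.', 400 );
    }
    update_option( 'example_mail_from_address', $from );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=example-mail' ) ) );
    exit;
}

// admin_post_{action} fires only for logged-in users. The logged-out variant
// (admin_post_nopriv_{action}) is deliberately not registered for this handler.
add_action( 'admin_post_example_mail_save', 'example_mail_save_settings_hardened' );
```

The nonce and the capability check address different things: the capability check stops a low-privileged account from changing settings, while the nonce stops a browser from being used as a confused deputy on behalf of a privileged account. Both are needed, which is why the CVSS vector for this class of bug reports user interaction required together with a high integrity impact.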

Defensive priority

medium

Recommended defensive actions

  • Update the Zoho Mail WordPress plugin to version 1.6.2 or later immediately.
  • Verify plugin version through the WordPress admin dashboard under Plugins > Installed Plugins.
  • Implement additional CSRF protections at the web application firewall level for WordPress installations.
  • Review WordPress user roles and permissions to minimize privilege levels where possible.
  • Monitor WordPress audit logs for unauthorized configuration changes to email integration settings.

Evidence notes

Vulnerability confirmed through official CVE record and NVD entry. Affected product identified as Zoho Mail WordPress plugin with fixed version 1.6.2. CVSS vector confirms network-accessible attack with high integrity impact. Vendor attribution to Zohocorp based on CVE description.

Official resources
