What the vulnerability does
Description
The Zohocorp Zoho Mail WordPress plugin is vulnerable to cross-site request forgery (CSRF). This issue affects Zoho Mail WordPress plugin versions before 1.6.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Explanation of Vulnerability in Simple Terms
The Zoho Mail WordPress plugin before version 1.6.2 is vulnerable to cross-site request forgery (CSRF). An attacker can trick a logged-in site administrator into performing unintended actions, such as modifying plugin settings or configuration. The vulnerability requires the admin to visit a malicious webpage while authenticated to the WordPress site.
What an attacker can do
Trick a logged-in admin into changing plugin settings or configuration without their knowledge.
Potential impact on your site
Plugin settings could be altered maliciously, potentially affecting email functionality or site security.
Conditions required to exploit
Admin must be logged into WordPress and visit an attacker-controlled webpage.