EPSS
Percentile
27.7%
The plugin does not protect its settings_page action against CSRF attacks, allowing an attacker to update the plugin settings on their behalf by tricking a logged in admin to submit a crafted request.
patchstack.com/database/vulnerability/cf7-zoho/wordpress-integration-for-contact-form-7-and-zoho-crm-bigin-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability