Cross-Site Request Forgery Vulnerability in W3SC Elementor to Zoho CRM Plugin for WordPress
CVE-2026-9734
4.3MEDIUM
What is CVE-2026-9734?
The W3SC Elementor to Zoho CRM plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) attack, impacting all versions up to and including 2.2.0. This vulnerability arises from improper nonce verification in the storeInfo function. As a result, unauthenticated attackers can compromise Zoho CRM integration settings by submitting forged requests that change critical configurations—including data center, client ID, client secret, and user email credentials—if they manage to deceive a site administrator into executing a malicious action, such as clicking a link. It is essential for users to upgrade to the latest version and apply security best practices to mitigate the risk.
Affected Version(s)
W3SC Elementor to Zoho CRM 0 <= 2.2.0