Does Zoho Mail for WordPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Zoho Mail for WordPress compatible with WordPress 6.9.4?

According to WordPress.org data, Zoho Mail for WordPress 1.6.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Zoho Mail for WordPress compatible with PHP 5.6+?

Zoho Mail for WordPress requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Zoho Mail for WordPress updated?

Zoho Mail for WordPress was last updated on Mar 24, 2026. Frequent updates are generally a positive security signal.

What is Zoho Mail for WordPress's security score?

Zoho Mail for WordPress has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Zoho Mail for WordPress Security & Risk Analysis

wordpress.org/plugins/zoho-mail

Zoho Mail Plugin lets you configure your Zoho Mail account on your WordPress site enabling you to send the email via Zoho Mail API.

20K active installs v1.6.3 PHP 5.6+ WP 4.8+ Updated Mar 24, 2026

emailmailmailerphpmailerwp_mail

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Zoho Mail for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Zoho Mail for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "zoho-mail" plugin version 1.6.2 demonstrates a strong security posture based on the provided static analysis and vulnerability history. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code analysis shows excellent practices regarding SQL queries, all of which utilize prepared statements, and a high percentage of output escaping, indicating a good defense against common injection and XSS vulnerabilities. The plugin also includes a healthy number of nonce and capability checks. The lack of any recorded vulnerabilities or CVEs further reinforces the impression of a secure plugin.

Vulnerabilities

None known

Zoho Mail for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Zoho Mail for WordPress Release Timeline

v1.6.3Current

v1.6.2

v1.6.1

v1.6.0

v1.5.9

v1.5.8

v1.5.7

v1.5.6

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.9

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

Code Analysis

Analyzed Mar 16, 2026

Zoho Mail for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

62 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

81% escaped77 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

zmail_integ_settings_callback (zohoMail.php:317)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Zoho Mail for WordPress Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_noticeszohoMail.php:75

actionadmin_enqueue_scriptszohoMail.php:91

actionwp_mail_failedzohoMail.php:103

actionadmin_menuzohoMail.php:171

Maintenance & Trust

Zoho Mail for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 24, 2026

PHP min version5.6

Downloads347K

Community Trust

Rating76/100

Number of ratings41

Active installs20K

Alternatives

Zoho Mail for WordPress Alternatives

WPO365 | MICROSOFT 365 GRAPH MAILER

wpo365-msgraphmailer

Send WordPress emails from a M365 / Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP

10K 1 CVE

Zoho ZeptoMail

transmail

Zoho ZeptoMail Plugin lets you configure your ZeptoMail account on your WordPress site enabling you to send transactional emails of your site via Zept …

5K 1 CVE

MailerSend – Official SMTP Integration

mailersend-official-smtp-integration

100

Improve your deliverability and avoid the spam box with MailerSend’s SMTP server. Check your analytics to improve your emails for better conversion!

2K No CVEs

SMTP.com

smtpcom

100

SMTP.com is a powerful and reliable SMTP delivery service that enables you to send and track high volume emails effortlessly.

80 No CVEs

Simple SMTP Mailer

simple-smtp-mailer

Simplifies local development by configuring WordPress to use SMTP instead of the PHP mail() function

20 No CVEs

Developer Profile

Zoho Mail for WordPress Developer Profile

Zoho Mail

4 plugins · 25K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

14 days

View full developer profile

Detection Fingerprints

How We Detect Zoho Mail for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zoho-mail/assets/css/style.css

Version Parameters

zoho-mail/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

zmail_integ_settings_pagezmail-troubleshoot

HTML Comments

Data Attributes

data-zmail-client-iddata-zmail-domaindata-zmail-client-secret

JS Globals

zm_zohomail_var

FAQ