cleantalk
Vulnerabilities and Security Researches

ZeptoMail, CVE-2025-49028

CVE, Research URL

CVE-2025-49028

Home page URL

Security reports for ZeptoMail

Application

ZeptoMail

Published on
Dec 31, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through 3.3.1.
Affected versions
max 3.3.1.
Status
vulnerable
Previous vulnerability researches
ZeptoMail (CVE-2025-49028) , Jan 10, 2026
ZeptoMail (CVE-2025-67972) , May 23, 2026
New vulnerability
Alfie – Feed Plugin (CVE-2026-4070) , May 24, 2026
CBX 5 Star Rating & Review (CVE-2026-6864) , May 24, 2026
KIA Subtitle (CVE-2026-7509) , May 23, 2026
ZeptoMail (CVE-2025-67972) , May 23, 2026
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2026-27393) , May 23, 2026