Browse all 3 CVE security advisories affecting Zoho Flow. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Zoho Flow is an integration platform connecting various business applications to automate workflows. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. Security researchers have identified authentication bypass issues and improper input validation in its API endpoints. While no major public security incidents have been widely reported, the platform maintains a moderate CVE count with three records to date. Zoho Flow implements standard security practices like encryption and access controls, though its complex integrations create potential attack surfaces. Organizations should regularly update instances and monitor for new advisories given the platform's extensive third-party connections.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59568 | WordPress Zoho Flow Plugin <= 2.14.1 - Cross Site Request Forgery (CSRF) Vulnerability — Zoho FlowCWE-352 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-31408 | WordPress Zoho Flow plugin <= 2.13.3 - Broken Access Control vulnerability — Zoho FlowCWE-862 | 4.3 | Medium | 2025-04-01 |
| CVE-2024-47334 | WordPress Zoho Flow for WordPress plugin <= 2.7.1 - SQL Injection vulnerability — Zoho FlowCWE-89 | 7.6 | High | 2024-10-09 |
This page lists every published CVE security advisory associated with Zoho Flow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.