SQL Injection Vulnerability in Catalyst Connect Zoho CRM Client Portal Plugin for WordPress
CVE-2025-5017
4.9MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2025-5017?
The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is susceptible to a time-based SQL injection attack via the 'uid' parameter in all versions up to and including 2.2.0. This vulnerability arises from inadequate escaping of user-supplied parameters and insufficient preparation of the SQL query. Authenticated attackers with Administrator-level access can exploit this flaw to execute arbitrary SQL queries, potentially leading to unauthorized access and exposure of sensitive data stored in the database.
Affected Version(s)
Catalyst Connect Zoho CRM Client Portal 0 <= 2.2.0