SQL Injection Vulnerability in Integration for Contact Form 7 by CRM Perks
CVE-2025-68590

Currently unrated

Key Information:

Vendor

WordPress
Status
Integration For Contact Form 7 Hubspot
Vendor
CVE Published:
24 December 2025

What is CVE-2025-68590?

The Integration for Contact Form 7 by CRM Perks is vulnerable to an SQL Injection attack, allowing attackers to manipulate SQL queries through improper handling of special elements. This vulnerability can potentially lead to unauthorized access to sensitive data by exploiting the integration functionalities of the plugin versions prior to 1.4.2.

Affected Version(s)

Integration for Contact Form 7 HubSpot <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/cf7-...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Offensive Labs | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68590 : SQL Injection Vulnerability in Integration for Contact Form 7 by CRM Perks