CVE-2025-5017
Received Received - Intake

Time-Based SQL Injection in Catalyst Connect Zoho CRM Client Portal WordPress Plugin

Vulnerability report for CVE-2025-5017, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: Wordfence

Description

The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the β€˜uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
catalyst2020 catalyst_connect_zoho_crm_client_portal to 2.2.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The Catalyst Connect Zoho CRM Client Portal plugin for WordPress, up to version 2.2.0, is vulnerable to a time-based SQL Injection through the 'uid' parameter. This happens because the plugin does not properly escape or prepare the user-supplied 'uid' parameter before including it in SQL queries. As a result, authenticated users with Administrator-level access or higher can append malicious SQL code to existing queries, potentially extracting sensitive data from the database.

Specifically, the vulnerability exists because the 'uid' parameter is passed via the GET method and directly concatenated into SQL queries without proper sanitization in the plugin's code, particularly in the header.php file under the pages/admin/usersManagement/details path.

Impact Analysis

This vulnerability allows authenticated attackers with Administrator-level access or higher to perform time-based SQL Injection attacks. They can manipulate SQL queries to extract sensitive information from the database that they should not normally have access to.

  • Extraction of sensitive data from the database.
  • Potential exposure of confidential user or business information.
  • Compromise of data integrity due to unauthorized query manipulation.
Detection Guidance

This SQL injection vulnerability can be detected by testing the 'uid' parameter in the URL path /wp-admin/admin.php?page=usersmanagement&action=userdetails&uid=1 for SQL injection flaws.

Tools like sqlmap can be used to verify the vulnerability by sending crafted requests to this endpoint and checking for time-based SQL injection responses.

  • Use sqlmap with a command similar to: sqlmap -u "http://target-site/wp-admin/admin.php?page=usersmanagement&action=userdetails&uid=1" --cookie="<your_auth_cookies>" --risk=3 --level=5 --technique=T
Mitigation Strategies

Immediate mitigation steps include restricting access to the affected plugin's administrative pages to only trusted administrators and disabling or uninstalling the Catalyst Connect Zoho CRM Client Portal plugin until a secure version is available.

Since the plugin has been closed and is temporarily unavailable for download pending review, removing or disabling it reduces the attack surface.

Additionally, monitor and restrict administrator-level access to prevent exploitation by authenticated users.

Compliance Impact

The vulnerability allows authenticated attackers with Administrator-level access to perform time-based SQL Injection via the 'uid' parameter, enabling extraction of sensitive information from the database.

This exposure of sensitive data could potentially lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require adequate protection of personal and sensitive information.

However, the provided context and resources do not explicitly discuss the impact of this vulnerability on compliance with these or other common standards and regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5017. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart