MEDIUM
catalyst2020
CVE published 2026-07-11
CVE-2025-5017
The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0. This vulnerability allows authenticated attackers, with Administrator-level access and above, to append additional SQL queries into existing queries, potentially leading to sensitive information extraction from the database.