PatchSiren

catalyst2020 CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM catalyst2020 CVE published 2026-07-11

CVE-2025-5017

The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0. This vulnerability allows authenticated attackers, with Administrator-level access and above, to append additional SQL queries into existing queries, potentially leading to sensitive information extraction from the database.