CVE-2025-5017 in Catalyst Connect Zoho CRM Client Portal Plugin
Summary
by MITRE • 07/11/2026
The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 07/11/2026
The Catalyst Connect Zoho CRM Client Portal plugin for WordPress presents a critical time-based sql injection vulnerability that affects all versions up to and including 220. This security flaw resides in the handling of the uid parameter within the plugin's codebase, demonstrating poor input validation and sanitization practices. The vulnerability stems from insufficient escaping of user-supplied parameters combined with inadequate preparation of existing sql queries, creating an exploitable condition that can be leveraged by authenticated attackers with administrator-level privileges or higher.
The technical implementation of this vulnerability allows malicious actors to manipulate the sql query execution flow by appending additional sql statements to existing queries through the uid parameter. This time-based injection technique enables attackers to infer database contents through timing variations in query responses, making it particularly dangerous as it can be exploited without requiring direct output display from the database. The flaw operates within the context of authenticated access, meaning that only users with administrator-level permissions or equivalent privileges can exploit this vulnerability, but the impact remains severe given the elevated access rights required.
From an operational perspective, this vulnerability creates significant risk for wordpress installations using the affected plugin version, as it provides attackers with the capability to extract sensitive information from the underlying database. The attack vector requires minimal privileges compared to other sql injection vulnerabilities, making it particularly attractive to threat actors who may have already gained foothold through other means. Successful exploitation could result in unauthorized access to user credentials, personal information, and potentially lead to full system compromise through lateral movement or privilege escalation within the wordpress environment.
The vulnerability aligns with common weakness enumeration CWE-89 which classifies sql injection flaws as persistent security issues arising from inadequate input validation and sanitization of user-supplied data. From an attack framework perspective, this vulnerability maps to multiple ATT&CK techniques including credential access through database dumping and privilege escalation via compromised administrative accounts. Organizations should immediately implement mitigation strategies including patching to the latest plugin version, implementing proper input validation mechanisms, and conducting thorough security audits of all wordpress plugins to identify similar vulnerabilities. Additionally, network monitoring should be enhanced to detect potential exploitation attempts through unusual timing patterns in database requests, while access controls should be strictly enforced to limit administrative privileges to only essential personnel.
The security implications extend beyond immediate data theft, as successful exploitation could enable attackers to modify or delete critical database records, install backdoors, or use stolen credentials to access other interconnected systems. This vulnerability represents a classic example of how insufficient input validation can create severe security consequences, emphasizing the importance of proper sql query preparation and parameterization in web application development practices. Organizations should also consider implementing web application firewalls and database activity monitoring solutions as additional protective measures against similar attack vectors.