Skip to main content

Catalyst Connect Zoho Crm Client Portal

2 CVEs product

Monthly

CVE-2025-5017 MEDIUM This Month

Time-based blind SQL injection in the Catalyst Connect Zoho CRM Client Portal WordPress plugin (all versions ≤ 2.2.0) enables authenticated administrators to exfiltrate arbitrary data from the underlying WordPress database via the unsanitized 'uid' parameter. The CVSS vector (PR:H) confirms exploitation requires administrator-level credentials, meaningfully constraining the attack surface. A public proof-of-concept is available on GitHub (BFS-Lab/BFSDV), and no confirmed patch version has been identified in available intelligence at time of analysis.

WordPress SQLi Zoho Catalyst Connect Zoho Crm Client Portal
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.3%
CVE-2022-44629 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Catalyst Connect Zoho Crm Client Portal
NVD
CVSS 3.1
4.8
EPSS
0.1%
EPSS 0% CVSS 4.9
MEDIUM This Month

Time-based blind SQL injection in the Catalyst Connect Zoho CRM Client Portal WordPress plugin (all versions ≤ 2.2.0) enables authenticated administrators to exfiltrate arbitrary data from the underlying WordPress database via the unsanitized 'uid' parameter. The CVSS vector (PR:H) confirms exploitation requires administrator-level credentials, meaningfully constraining the attack surface. A public proof-of-concept is available on GitHub (BFS-Lab/BFSDV), and no confirmed patch version has been identified in available intelligence at time of analysis.

WordPress SQLi Zoho +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Catalyst Connect Zoho Crm Client Portal
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy