{"id":54344,"date":"2025-06-23T11:26:30","date_gmt":"2025-06-23T11:26:30","guid":{"rendered":""},"modified":"2025-07-03T05:46:20","modified_gmt":"2025-07-03T11:46:20","slug":"cve-2025-24773-sql-injection-vulnerability-in-wpcrm-crm-for-contact-form-cf7-woocommerce","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-24773-sql-injection-vulnerability-in-wpcrm-crm-for-contact-form-cf7-woocommerce\/","title":{"rendered":"CVE-2025-24773: SQL Injection Vulnerability in WPCRM – CRM for Contact form CF7 & WooCommerce<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity world is once again under the spotlight as another critical vulnerability has been identified, dubbed CVE-2025-24773. This particular vulnerability affects the widely used WPCRM – CRM for Contact form CF7 & WooCommerce, a plugin used for managing customer relationships in WooCommerce websites. The vulnerability is of high concern due<\/a> to its potential in jeopardizing the security of critical data and systems.
\nThe issue lies in the improper neutralization of special elements used in an SQL command, commonly referred to as an SQL Injection vulnerability<\/a>. Given the severity of the vulnerability and the potential<\/a> impact, understanding the nature of this vulnerability, how to detect it, and how to mitigate its effects is of utmost importance for any organization using the affected software.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-24773
\nSeverity: High (9.3 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n