CVE-2025-49330 – Bigin Zoho CRM Contact Form 7 Object Injection Vulnerability

June 17, 2025

CVE ID : CVE-2025-49330

Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin allows Object Injection. This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through 1.3.0.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

Next Article CVE-2025-49261 – ThemBay Diza PHP Remote File Inclusion Vulnerability

Highlights

CVE-2025-20282 – Cisco ISE and ISE-PIC Privilege Escalation Remote File Upload Vulnerability

June 25, 2025

CVE ID : CVE-2025-20282

Published : June 25, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.

This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

Looking for an Ubuntu Manual? Try This Book

CVE-2025-49330 – Bigin Zoho CRM Contact Form 7 Object Injection Vulnerability

Why the tech industry needs to stand firm on preserving end-to-end encryption

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

Microsoft Shifts Windows Licensing to Azure with Confidential Computing

CVE-2025-27197 – Adobe Lightroom Out-of-Bounds Write Arbitrary Code Execution Vulnerability

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

CVE-2025-7093 – Belkin F9K1122 Remote Stack-Based Buffer Overflow Vulnerability

CVE-2025-20282 – Cisco ISE and ISE-PIC Privilege Escalation Remote File Upload Vulnerability

CVE-2025-47655 – themarketer2023 CSRF Stored XSS Vulnerability

Minnesota National Guard Deployed After Major Cyberattack on St. Paul City Systems

Photobooth is photobooth software for the Raspberry Pi and PC

CVE-2025-49330 – Bigin Zoho CRM Contact Form 7 Object Injection Vulnerability

Related Posts