CVE-2025-59557 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection (SQLi) in **Learts Addons** plugin. <br>💥 **Consequences**: Attackers can manipulate database queries, leading to **data theft**, **data corruption**, or **server compromise**.…

🛡️ **CWE-89**: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').…

📦 **Vendor**: ThemeMove. <br>📦 **Product**: WordPress Plugin **Learts Addons**. <br>📉 **Affected Versions**: **< 1.7.5**. <br>✅ **Safe**: Version 1.7.5 and above are patched.

🕵️ **Privileges**: No authentication required (PR:N). <br>💾 **Data**: High Confidentiality Impact (C:H). Attackers can **read sensitive database data** (user credentials, site config).…

📉 **Threshold**: **LOW**. <br>🔓 **Auth**: None required (PR:N). <br>🖱️ **UI**: None required (UI:N). <br>🌐 **Network**: Remote (AV:N). <br>🎯 **Complexity**: Low (AC:L). Easy to exploit remotely.

🚫 **Public Exp**: No PoC provided in the data (pocs: []). <br>📢 **Wild Exp**: Likely low currently due to lack of public exploits, but the **CVSS Vector** indicates it is highly exploitable if a PoC is developed.…

🔍 **Self-Check**: <br>1. Check WordPress Admin > Plugins. <br>2. Look for **Learts Addons**. <br>3. Verify version number. <br>4. If **< 1.7.5**, you are vulnerable. <br>5.…

✅ **Fixed**: Yes. <br>📦 **Patch**: Update **Learts Addons** to version **1.7.5** or higher. <br>🔗 **Source**: Patchstack database confirms the fix in v1.7.5.

🛑 **Workaround**: <br>1. **Deactivate** the plugin immediately if update is not possible. <br>2. **Delete** the plugin if not needed. <br>3.…

🔥 **Urgency**: **HIGH**. <br>📊 **CVSS**: 7.5 (High). <br>⚡ **Priority**: Patch immediately. <br>🎯 **Reason**: Remote, unauthenticated, low complexity, high data impact. Do not delay.