Platform
wordpress
Component
learts-addons
Fixed in
1.7.6
CVE-2025-59557 identifies a SQL Injection vulnerability within the Learts Addons plugin for WordPress. This flaw allows attackers to inject malicious SQL code, potentially compromising sensitive data and gaining unauthorized access to the database. The vulnerability impacts versions from 0.0.0 up to and including 1.7.5, and a fix is available in version 1.7.6.
Successful exploitation of this SQL Injection vulnerability could allow an attacker to bypass authentication mechanisms and directly access the WordPress database. This could lead to the theft of sensitive user data, including usernames, passwords, email addresses, and potentially financial information if stored in the database. Furthermore, an attacker could modify or delete data, disrupt website functionality, or even gain complete control over the WordPress installation. The potential blast radius is significant, particularly for sites handling sensitive user data or financial transactions.
As of the publication date (2025-10-22), there is no indication of active exploitation of CVE-2025-59557. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the CRITICAL severity suggests a high likelihood of exploitation if the vulnerability remains unpatched.
Exploit Status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-59557 is to immediately upgrade the Learts Addons plugin to version 1.7.6 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious SQL injection attempts targeting the vulnerable endpoints. Carefully review and sanitize all user inputs to prevent SQL injection attacks. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection attack on the affected endpoint and verifying that it is properly blocked.
Update the Learts Addons plugin to version 1.7.6 or higher to mitigate the SQL Injection vulnerability. Check for available updates in the WordPress plugin repository or on the developer's website. Implement additional security measures, such as user input validation and sanitization, to prevent future vulnerabilities.
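The advisory's mitigation advice comes down to one coding rule for plugin authors: never build a query by concatenating request input. The following is an added illustration, not code from Learts Addons or from the fix in 1.7.6; the table name `learts_items`, the column names and the function names are assumed for the example. It places the injectable pattern next to the WordPress-idiomatic hardened form using `$wpdb->prepare()`.

```php
<?php
// Illustrative example only: not Learts Addons code. Shows the unsafe
// query-building pattern behind SQL injection in a WordPress plugin and
// the parameterised form. Table/column names are assumed for illustration.

// Vulnerable: request input is concatenated straight into the SQL text,
// so any non-numeric content in $id becomes part of the query.
function learts_example_get_item_unsafe( $wpdb, $id ) {
    $sql = "SELECT * FROM {$wpdb->prefix}learts_items WHERE item_id = " . $id;
    return $wpdb->get_row( $sql );
}

// Hardened: validate the type first, then bind through a placeholder.
// absint() yields 0 for anything that is not a positive integer.
function learts_example_get_item_safe( $wpdb, $id ) {
    $id = absint( $id );
    if ( 0 === $id ) {
        return null;
    }
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}learts_items WHERE item_id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}

// Same idea for free-text input: %s is quoted and escaped by prepare(),
// and esc_like() neutralises LIKE wildcards supplied by the user.
function learts_example_search_safe( $wpdb, $term, $limit = 20 ) {
    $term = sanitize_text_field( $term );
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT item_id, title FROM {$wpdb->prefix}learts_items WHERE title LIKE %s LIMIT %d",
        $like,
        absint( $limit )
    );
    return $wpdb->get_results( $sql );
}
```

For the upgrade step itself, a site operator with WP-CLI can confirm the installed version with `wp plugin get learts-addons --field=version` and apply the fix with `wp plugin update learts-addons`; any result of 1.7.5 or lower is within the affected range stated above.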
CVE-2025-59557 is a critical SQL Injection vulnerability affecting Learts Addons for WordPress, allowing attackers to inject malicious SQL code and potentially access sensitive data.
You are affected if you are using Learts Addons versions 0.0.0 through 1.7.5. Upgrade to 1.7.6 to mitigate the risk.
Upgrade the Learts Addons plugin to version 1.7.6 or later. If immediate upgrade is not possible, implement WAF rules and sanitize user inputs.
As of the publication date, there is no confirmed active exploitation, but the CRITICAL severity suggests a high potential for exploitation.
Refer to the official Learts Addons website or their security advisory page for the latest information and updates regarding CVE-2025-59557.