Platform
wordpress
Component
learts-addons
Fixed version
1.7.6
CVE-2025-59557 identifies a SQL Injection vulnerability within the Learts Addons plugin for WordPress. This flaw allows attackers to inject malicious SQL code, potentially compromising sensitive data and gaining unauthorized access to the database. The vulnerability impacts versions from 0.0.0 up to and including 1.7.5, and a fix is available in version 1.7.6.
Successful exploitation of this SQL Injection vulnerability could allow an attacker to bypass authentication mechanisms and directly access the WordPress database. This could lead to the theft of sensitive user data, including usernames, passwords, email addresses, and potentially financial information if stored in the database. Furthermore, an attacker could modify or delete data, disrupt website functionality, or even gain complete control over the WordPress installation. The potential blast radius is significant, particularly for sites handling sensitive user data or financial transactions.
As of the publication date (2025-10-22), there is no indication of active exploitation of CVE-2025-59557. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the CRITICAL severity suggests a high likelihood of exploitation if the vulnerability remains unpatched.
WordPress websites utilizing the Learts Addons plugin, particularly those handling sensitive user data or financial transactions, are at significant risk. Shared hosting environments where multiple websites share the same database are also at increased risk, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r "learts-addons" /var/www/html/
wp plugin list | grep learts-addons
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/learts-addons/ | grep SQLdisclosure
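As an added check that is not part of the advisory, this POSIX shell script turns the `wp plugin list` step above into a pass/fail test against the affected range; it assumes `wp plugin list --format=csv` output on stdin and embeds a constructed sample so it runs offline.

```shell
# Added example, not from the advisory: flag an installed learts-addons
# version in the affected range (0.0.0 through 1.7.5, fixed in 1.7.6).
# Input is `wp plugin list --format=csv`; a constructed sample is embedded.
FIXED_VERSION="1.7.6"

# version_lt A B: succeed when dotted version A sorts strictly before B.
# Missing components count as 0 (1.7 < 1.7.6); trailing tags such as
# "-beta" are ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1
}

# is_affected VERSION: succeed when VERSION is older than the fixed release.
is_affected() { version_lt "$1" "$FIXED_VERSION"; }

# Constructed sample of `wp plugin list --format=csv` output.
SAMPLE_PLUGIN_LIST='name,status,update,version
akismet,active,none,5.3
learts-addons,active,available,1.7.5
woocommerce,inactive,none,9.1.0'

# check_plugin_list: read the CSV on stdin, print a verdict for
# learts-addons and succeed only when the installed version is affected.
check_plugin_list() {
    ver=$(awk -F, '$1 == "learts-addons" { print $4 }')
    if [ -z "$ver" ]; then
        echo "learts-addons not installed"; return 1
    fi
    if is_affected "$ver"; then
        echo "learts-addons $ver is AFFECTED by CVE-2025-59557 (fixed in $FIXED_VERSION)"
        return 0
    fi
    echo "learts-addons $ver is not affected"; return 1
}

# Stand-alone run on the sample; on a real site: wp plugin list --format=csv | check_plugin_list
printf '%s\n' "$SAMPLE_PLUGIN_LIST" | check_plugin_list
```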
Exploitation status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-59557 is to immediately upgrade the Learts Addons plugin to version 1.7.6 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious SQL injection attempts targeting the vulnerable endpoints. Carefully review and sanitize all user inputs to prevent SQL injection attacks. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection attack on the affected endpoint and verifying that it is properly blocked.
Update the Learts Addons plugin to version 1.7.6 or later to mitigate the SQL injection vulnerability. Check for available updates in the WordPress plugin repository or on the developer's website. Implement additional security measures, such as validating and sanitizing user input, to prevent future vulnerabilities.
CVE-2025-59557 is a critical SQL Injection vulnerability affecting Learts Addons for WordPress, allowing attackers to inject malicious SQL code and potentially access sensitive data.
You are affected if you are using Learts Addons versions 0.0.0 through 1.7.5. Upgrade to 1.7.6 to mitigate the risk.
Upgrade the Learts Addons plugin to version 1.7.6 or later. If immediate upgrade is not possible, implement WAF rules and sanitize user inputs.
As of the publication date, there is no confirmed active exploitation, but the CRITICAL severity suggests a high potential for exploitation.
Refer to the official Learts Addons website or their security advisory page for the latest information and updates regarding CVE-2025-59557.