The vulnerability identified as CVE-2025-59557 affects the ThemeMove Learts Addons plugin versions before 1.7.5. It is caused by improper neutralization of special elements used in SQL commands, resulting in SQL Injection. This allows remote attackers to execute arbitrary SQL queries without authentication, potentially exposing sensitive data. The CVSS score is 9.3 (critical), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and a high confidentiality impact with no integrity impact and low availability impact. There is no vendor advisory or patch link provided, and the product is not a cloud service.

Successful exploitation of this vulnerability can lead to unauthorized disclosure of sensitive information from the database due to SQL Injection. The confidentiality impact is high, while integrity remains unaffected and availability impact is low. There are no reports of active exploitation in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should monitor for vendor updates and consider applying any recommended temporary mitigations from ThemeMove. Avoid exposing the vulnerable plugin to untrusted networks and restrict access where possible.