CVE-2025-9587
Description
The CTL Behance Importer Lite WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated SQL injection in CTL Behance Importer Lite <=1.0 via unsanitized parameter in AJAX action.
Vulnerability
The CTL Behance Importer Lite plugin for WordPress, version 1.0 and earlier, contains a SQL injection vulnerability. The plugin fails to properly sanitize and escape a parameter before using it in a SQL statement within an AJAX action. This allows an attacker to inject arbitrary SQL queries. [1]
Exploitation
The AJAX action is available to unauthenticated users, meaning no login or special privileges are required to trigger the vulnerability. An attacker can send a crafted request containing malicious SQL code via the unsanitized parameter, leading to direct database interaction. [1]
Impact
Successful exploitation can allow an attacker to read, modify, or delete sensitive data from the WordPress database, such as user credentials, posts, and settings. This could lead to full site compromise, privilege escalation, or data theft. [1]
Mitigation
As of the latest advisory, no fix is available for this vulnerability. Users are advised to remove or replace the plugin until a patched version is released. [1]
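As an added illustration that is not code from the CTL Behance Importer Lite plugin or from the advisory, the following hypothetical WordPress AJAX handler pair shows the class of defect the advisory describes (a request parameter concatenated into SQL inside a handler registered for unauthenticated users via the `wp_ajax_nopriv_` hook) next to a hardened equivalent that drops the unauthenticated hook, checks a nonce and a capability, validates the input, and binds it through `$wpdb->prepare()`. The action name, function names, parameter name and table are assumptions chosen for the example.

```php
<?php
// Hypothetical WordPress AJAX handlers (added example, not the plugin's code).
// Shows the vulnerable pattern the advisory describes and a hardened version.

// --- Vulnerable pattern: unauthenticated AJAX action, raw parameter in SQL ---
// wp_ajax_nopriv_* makes the action reachable without any login.
add_action( 'wp_ajax_nopriv_ctl_lookup_project', 'ctl_lookup_project_vulnerable' );
add_action( 'wp_ajax_ctl_lookup_project', 'ctl_lookup_project_vulnerable' );

function ctl_lookup_project_vulnerable() {
    global $wpdb;
    // The request parameter is trusted verbatim and concatenated into the query,
    // so its content can alter the structure of the SQL statement.
    $project = $_GET['project'];
    $sql     = "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title = '" . $project . "'";
    $rows    = $wpdb->get_results( $sql );
    wp_send_json( $rows );
}

// --- Hardened version ---
// No wp_ajax_nopriv_ hook: the action is only reachable by logged-in users.
add_action( 'wp_ajax_ctl_lookup_project', 'ctl_lookup_project_hardened' );

function ctl_lookup_project_hardened() {
    global $wpdb;

    // 1. CSRF protection: the request must carry a valid nonce for this action
    //    (the nonce would be generated with wp_create_nonce( 'ctl_lookup_project' )).
    check_ajax_referer( 'ctl_lookup_project', 'nonce' );

    // 2. Authorization: only users allowed to create content may call the importer.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input validation: reduce to a plain text string and bound its length.
    $project = isset( $_GET['project'] )
        ? sanitize_text_field( wp_unslash( $_GET['project'] ) )
        : '';
    if ( '' === $project || strlen( $project ) > 200 ) {
        wp_send_json_error( 'invalid project', 400 );
    }

    // 4. Parameterised query: $wpdb->prepare() escapes the value bound to %s,
    //    so the input is always treated as data, never as SQL syntax.
    $sql  = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title = %s AND post_status = 'publish'",
        $project
    );
    $rows = $wpdb->get_results( $sql );

    wp_send_json_success( $rows );
}
```

When auditing a plugin for this class of issue, the `wp_ajax_nopriv_` registrations are the authorization boundary worth reviewing first: every handler attached to one is reachable by anyone who can reach `admin-ajax.php`, so any `$wpdb` call inside it that builds SQL by string concatenation rather than `$wpdb->prepare()` is the pattern this advisory describes.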
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2 affected product entries (no CPE assigned), each with version range <=1.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1 reference (cited above as [1])
News mentions
No linked articles in our index yet.