CVE-2025-9587: CTL Behance Importer Lite <= 1.0 - Unauthenticated SQL Injection

Q: What is the severity of CVE-2025-9587?

CVE-2025-9587 is classified as a critical vulnerability due to its potential for SQL injection.

Q: How do I fix CVE-2025-9587?

To fix CVE-2025-9587, update the CTL Behance Importer Lite plugin to the latest version that addresses this SQL injection vulnerability.

Q: Who is affected by CVE-2025-9587?

Any users of the CTL Behance Importer Lite WordPress plugin version 1.0 are potentially affected by CVE-2025-9587.

Q: What kind of attack is associated with CVE-2025-9587?

CVE-2025-9587 is associated with SQL injection attacks, which can allow attackers to manipulate the database.

Q: Can CVE-2025-9587 be exploited by unauthenticated users?

Yes, CVE-2025-9587 allows exploitation through an AJAX action accessible to unauthenticated users.

Published Oct 2, 2025

Updated

The CTL Behance Importer Lite WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Affected Software

1 affected component

Ctl Behance Importer Lite<=1.0

Event History

Oct 2, 2025

CVE Published

via MITRE·06:00 AM

Data Sourced

via MITRE·06:00 AM

DescriptionWeakness

Data Sourced

via NVD·06:15 AM

DescriptionSeverity

Feb 28, 57989

Event

via FIRST·08:13 AM

Frequently Asked Questions

What is the severity of CVE-2025-9587?

CVE-2025-9587 is classified as a critical vulnerability due to its potential for SQL injection.

How do I fix CVE-2025-9587?

To fix CVE-2025-9587, update the CTL Behance Importer Lite plugin to the latest version that addresses this SQL injection vulnerability.

Who is affected by CVE-2025-9587?

Any users of the CTL Behance Importer Lite WordPress plugin version 1.0 are potentially affected by CVE-2025-9587.

What kind of attack is associated with CVE-2025-9587?

CVE-2025-9587 is associated with SQL injection attacks, which can allow attackers to manipulate the database.

Can CVE-2025-9587 be exploited by unauthenticated users?

Yes, CVE-2025-9587 allows exploitation through an AJAX action accessible to unauthenticated users.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.