The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.
Metrics
Affected Vendors & Products
References
History
Mon, 13 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 13 Jul 2026 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Library Management System Project
Library Management System Project library Management System Wordpress Wordpress wordpress |
|
| Vendors & Products |
Library Management System Project
Library Management System Project library Management System Wordpress Wordpress wordpress |
Mon, 13 Jul 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes. | |
| Title | Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-07-13T14:51:37.360Z
Reserved: 2026-06-18T07:03:51.299Z
Link: CVE-2026-12582
Updated: 2026-07-13T14:51:32.767Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T14:30:16Z