PT-2026-20585 · WordPress · Library Management System

Athiwat Tiprasaharn

Publicado

2026-02-19

Atualizado

2026-02-23

CVE-2025-12707

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Library Management System versions prior to 3.2.2

Description The Library Management System plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the bid parameter is not properly sanitized, allowing attackers to inject malicious SQL code. This can enable unauthenticated attackers to extract sensitive information from the database by appending additional SQL queries to existing ones.

Recommendations Update the Library Management System plugin to version 3.2.2 or later.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2025-12707

Produtos afetados

Library Management System

PT-2026-20585 · WordPress · Library Management System

CVE-2025-12707

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6