PT-2026-20585 · WordPress · Library Management System

Athiwat Tiprasaharn

Published

2026-02-19

Updated

2026-02-23

CVE-2025-12707

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Library Management System versions prior to 3.2.2

Description The Library Management System plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the bid parameter is not properly sanitized, allowing attackers to inject malicious SQL code. This can enable unauthenticated attackers to extract sensitive information from the database by appending additional SQL queries to existing ones.

Recommendations Update the Library Management System plugin to version 3.2.2 or later.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-12707

Affected Products

Library Management System

PT-2026-20585 · WordPress · Library Management System

CVE-2025-12707

Weakness Enumeration

Related Identifiers

Affected Products

References · 6