PT-2026-57640 · Undefined · Undefined

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-12582

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-12582

Affected Products

Undefined