CVE-2026-12582
Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id
CVSS Score
8.6
EPSS Score
0.2%
EPSS Percentile
7th
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.
| Vendor | unknown |
| Product | library management system |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown library management system
Be the first to know when new high vulnerabilities affecting unknown library management system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Library Management System
3.5 < 3.5.8
References
Credits
Joรฃo Ramos Maciel WPScan