๐Ÿ” CVE Alert

CVE-2026-12582

HIGH 8.6

Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id

CVSS Score
8.6
EPSS Score
0.2%
EPSS Percentile
7th

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.

Vendor unknown
Product library management system
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for unknown library management system

Be the first to know when new high vulnerabilities affecting unknown library management system are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Library Management System
3.5 < 3.5.8

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/762dd8c3-8972-46ef-90c2-9f3f5dce4370/

Credits

Joรฃo Ramos Maciel WPScan