Back to overview

CVE-2026-12582

Description
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.

Metadata

CVE ID
CVE-2026-12582
State
PUBLISHED
Assigner
WPScan
Reserved
2026-06-18 07:03 UTC
Published
2026-07-13 06:00 UTC
Last updated
2026-07-13 06:00 UTC
Vendor / Product
Unknown / Library Management System
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Unknown Library Management System 3.5 < 3.5.8
Weakness (CWE)
CWESourceDescription
cna CWE-89 SQL Injection
Back to overview