Unauthorized Data Modification in Library Management System Plugin for WordPress
CVE-2025-10303

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Library Management System
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-10303?

The Library Management System plugin for WordPress has a vulnerability that allows authenticated attackers with Subscriber-level access or higher to modify data due to a missing capability check in the owt7_library_management_ajax_handler() function. This flaw affects all versions up to and including 3.1, enabling attackers to alter various settings and features of the plugin, potentially leading to unauthorized changes in the library management functionality.

Affected Version(s)

Library Management System * <= 3.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/library-manage...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Sep 11, 2025

Credit

Jonas Benjamin Friedli

JSON