SQL Injection Vulnerability in Library Management System Plugin for WordPress
CVE-2025-12707

7.5HIGH

Key Information:

Vendor: WordPress
Status: Library Management System
Vendor: CVE Published:; 19 February 2026

What is CVE-2025-12707?

The Library Management System plugin for WordPress is susceptible to SQL Injection through the 'bid' parameter due to inadequate escaping practices. Malicious users can exploit this vulnerability, allowing them to inject arbitrary SQL queries into the database. This can lead to unauthorized access and extraction of sensitive information. Versions of the plugin prior to 3.2.1 are particularly at risk, emphasizing the need for users to update their installations to prevent such attacks.

Affected Version(s)

Library Management System 0 <= 3.2.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Nov 4, 2025

Credit

Athiwat Tiprasaharn

Itthidej Aramsri

Powpy

Waris Damkham

Peerapat Samatathanyakorn

CVE-2025-12707 Data

JSON