Unauthenticated SQL Injection in Library Management System Product by WordPress
CVE-2026-56034
9.3CRITICAL
What is CVE-2026-56034?
The Library Management System plugin for WordPress, versions 3.5.7 and lower, is susceptible to an unauthenticated SQL injection vulnerability. This flaw allows attackers to manipulate SQL queries executed by the system to gain unauthorized access to sensitive data or perform administrative operations without proper authentication. Website operators using this plugin should take immediate action to update to the latest version and safeguard their systems from potential exploits.
Affected Version(s)
Library Management System <= 3.5.7
References
CVSS V3.1
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Benedictus Jovan (aillesim/eneri) | Patchstack Bug Bounty Program