HomeDefault status
unaffected
3.5 (semver) before 3.5.8
affected
Description
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.
Problem types
Product status
3.5 (semver) before 3.5.8
Credits
João Ramos Maciel
WPScan
References
wpscan.com/...rability/762dd8c3-8972-46ef-90c2-9f3f5dce4370/