cleantalk
Vulnerabilities and Security Researches

Library Management System, CVE-2025-10303

CVE, Research URL

CVE-2025-10303

Home page URL

Security reports for Library Management System

Application

Library Management System

Published on
Oct 15, 2025
Research Description
The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management_ajax_handler() function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and manipulate several of the plugin's settings and features.
Affected versions
max 3.1.
Status
vulnerable
Previous vulnerability researches
WPC Smart Wishlist for WooCommerce (CVE-2022-0397) , Jun 06, 2024
WPC Smart Wishlist for WooCommerce (CVE-2022-1465) , Jun 06, 2024
WPC Smart Wishlist for WooCommerce (CVE-2023-34386) , Jun 06, 2024
WPC Smart Wishlist for WooCommerce (CVE-2025-11742) , Nov 10, 2025
WPC Smart Wishlist for WooCommerce (CVE-2025-11518) , Nov 10, 2025
New vulnerability
WP Statistics (CVE-2025-9816) , Nov 10, 2025
GenerateBlocks (CVE-2025-11879) , Nov 10, 2025
Schema & Structured Data for WP & AMP (CVE-2025-11502) , Nov 10, 2025
OOPSpam Anti-Spam (CVE-2025-12094) , Nov 10, 2025
Playerzbr (CVE-2025-11825) , Nov 10, 2025