CVE-2025-10303
BaseFortify
Publication date: 2025-10-15
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | library_management_system | 3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Library Management System WordPress plugin allows authenticated users with Subscriber-level access or higher to modify plugin data without proper authorization. This happens because the function owt7_library_management_ajax_handler() lacks a capability check, enabling these users to update and manipulate various plugin settings and features that they should not normally control.
How can this vulnerability impact me?
This vulnerability can allow unauthorized users with low-level access to change plugin settings and features, potentially leading to unauthorized data manipulation within the Library Management System plugin. While it does not directly impact confidentiality or availability, it can affect the integrity of the plugin's data and configuration, possibly disrupting normal operations or causing incorrect data to be stored or displayed.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Library Management System plugin for WordPress to a version later than 3.1 where the missing capability check on the owt7_library_management_ajax_handler() function is fixed. Additionally, restrict Subscriber-level access or higher privileges to trusted users only, and monitor plugin settings for unauthorized changes.
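For reference, this is what a correctly authorized WordPress AJAX handler of this kind looks like. It is an added, hypothetical example and not the plugin's own code; the hook name, nonce action, option name and sub-action values are assumed. The point is that registering only a wp_ajax_ hook (no wp_ajax_nopriv_) limits the endpoint to logged-in users, which still includes Subscribers, so an explicit capability check is what actually closes CWE-862. The audit hook at the end supports the "monitor plugin settings for unauthorized changes" step.

```php
<?php
// Hypothetical hardened AJAX handler (added example, not the plugin's code).
// Hook name, nonce action, option name and sub-action values are assumed.

// Only logged-in users reach this; unauthenticated requests get a 400 from admin-ajax.php.
add_action( 'wp_ajax_owt7_library_management', 'owt7_library_management_ajax_handler' );

function owt7_library_management_ajax_handler() {
    // 1. CSRF protection: the request must carry a nonce tied to this action.
    //    check_ajax_referer() dies with -1 / HTTP 403 on failure.
    check_ajax_referer( 'owt7_lms_nonce', 'security' );

    // 2. Authorization (the missing check in CWE-862): a logged-in session is not
    //    enough. Require a capability that Subscribers do not have.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
        // wp_send_json_error() calls wp_die(), so nothing below runs.
    }

    // 3. Only now touch plugin state, and sanitize everything that is written.
    $sub_action = isset( $_POST['sub_action'] ) ? sanitize_key( $_POST['sub_action'] ) : '';

    switch ( $sub_action ) {
        case 'update_settings':
            $value = isset( $_POST['value'] )
                ? sanitize_text_field( wp_unslash( $_POST['value'] ) )
                : '';
            update_option( 'owt7_lms_setting', $value );
            wp_send_json_success( array( 'updated' => true ) );
            break;
        default:
            wp_send_json_error( array( 'message' => 'Unknown action.' ), 400 );
    }
}

// Defender-side audit trail: record which user changed the option, so that
// unexpected modifications by low-privilege accounts show up in the logs.
add_action( 'update_option_owt7_lms_setting', function ( $old_value, $new_value ) {
    error_log( sprintf(
        'owt7_lms_setting changed by user %d (%s -> %s)',
        get_current_user_id(),
        (string) $old_value,
        (string) $new_value
    ) );
}, 10, 2 );
```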