CVE-2025-10303

Severity: MEDIUM (CVSS 3.1 base score 4.3)
Published: 2025-10-15 ([email protected])

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Apr 08, 2026 - 18:38 (vuln.today)
CVE Published: Oct 15, 2025 - 09:15 (nvd), rated MEDIUM 4.3

Description (NVD)

The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management_ajax_handler() function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and manipulate several of the plugin's settings and features.

Analysis (AI)

The Library Management System plugin for WordPress, in versions up to and including 3.1, allows authenticated Subscriber-level users to modify plugin settings and features because the owt7_library_management_ajax_handler() AJAX function performs no capability check. An attacker holding a minimally privileged WordPress account can remotely change plugin configuration without administrative authorization, resulting in unauthorized changes to library data and system behavior. No active exploitation or public exploit code has been identified at this time.

Technical Context (AI)

The vulnerability stems from a missing capability check (CWE-862: Missing Authorization) in the AJAX handler function owt7_library_management_ajax_handler() within the Library Management System WordPress plugin. This handler processes AJAX requests that modify plugin settings but never verifies that the requesting user holds the required administrative capability before performing write operations. WordPress capability checks (typically requiring 'manage_options' or a similar admin-level capability) are the standard authorization mechanism for plugin settings; being logged in is authentication, not authorization. The CVSS vector (PR:L) reflects that the attack requires an authenticated login, but because the capability check is absent, any authenticated user, including one holding only the Subscriber role, gains effective administrative control over the plugin's functionality.
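To make the pattern concrete, the following is an added illustration written for this page, not the plugin's own code: a WordPress AJAX handler of the kind described above, first in the vulnerable shape (logged-in check only, via the wp_ajax_ hook) and then hardened with a nonce check and a 'manage_options' capability check. The handler body, the option name 'owt7_library_settings' and the action and nonce names are assumptions; only the function name owt7_library_management_ajax_handler comes from the advisory.

```php
<?php
// Added example (hypothetical handler body); not the plugin's actual code.
// Only the function name owt7_library_management_ajax_handler is from the advisory.

// VULNERABLE shape (CWE-862). A wp_ajax_{action} hook fires for ANY logged-in
// user, Subscribers included. Nothing here asks whether the caller is allowed
// to change settings, so the write below is reachable with the lowest role.
function owt7_library_management_ajax_handler_vulnerable() {
    $settings = array_map( 'sanitize_text_field', (array) ( $_POST['settings'] ?? array() ) );
    update_option( 'owt7_library_settings', $settings ); // unauthorized write
    wp_send_json_success();
}

// HARDENED shape. Two independent checks run before any state change:
//  1. check_ajax_referer() proves the request came from a form/page that issued
//     a valid nonce for this action (it exits with HTTP 403 on failure);
//  2. current_user_can() proves the caller is authorized, which is the check the
//     advisory says was missing. Authentication alone is never enough.
function owt7_library_management_ajax_handler() {
    check_ajax_referer( 'owt7_library_management_nonce', 'nonce' ); // assumed nonce name

    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() terminates the request, so no code below runs.
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $settings = array_map( 'sanitize_text_field', (array) ( $_POST['settings'] ?? array() ) );
    update_option( 'owt7_library_settings', $settings ); // assumed option name
    wp_send_json_success();
}

// Register only the hardened handler. Deliberately no wp_ajax_nopriv_ variant:
// settings writes must never be exposed to unauthenticated callers.
add_action( 'wp_ajax_owt7_library_management', 'owt7_library_management_ajax_handler' );
```

When reviewing other plugins for the same defect, search every wp_ajax_ callback for a current_user_can() call that guards its write path; a nonce check by itself does not establish authorization.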

Affected Products (AI)

Library Management System plugin for WordPress in all versions up to and including 3.1. The plugin is distributed via the official WordPress plugin repository (plugins.trac.wordpress.org). Sites running the plugin with default WordPress settings that allow open user registration at the Subscriber level are directly affected, since any self-registered account can reach the vulnerable handler.

Remediation (AI)

Update the Library Management System plugin to version 3.2 or later, which implements proper capability checks on the owt7_library_management_ajax_handler() function (per WordPress plugin repository changeset 3382258). Site administrators should navigate to WordPress Dashboard > Plugins > Installed Plugins, locate Library Management System, and click Update to move to the latest version. As an interim measure on sites where immediate patching is not feasible, restrict user registration to trusted accounts only and audit existing user roles to remove Subscriber access for non-essential users. Verify that no unauthorized settings modifications have occurred by comparing the plugin's settings against a documented baseline configuration. The Wordfence vulnerability intelligence page (https://www.wordfence.com/threat-intel/vulnerabilities/id/9e45feb6-5ffa-4ad3-9549-4414988f040e) provides additional monitoring guidance.

CVE-2025-10303 vulnerability details – vuln.today