CVE-2024-12406: 
WordPress vulnerability analysis and mitigation

The Library Management System – Manage e-Digital Books Library plugin for WordPress contains a SQL Injection vulnerability (CVE-2024-12406) that affects all versions up to and including 3.0.0. The vulnerability exists in the 'owt7borrowbooks_id' parameter due to insufficient escaping of user-supplied input and inadequate SQL query preparation (NVD).

The vulnerability is classified as a SQL Injection (CWE-89) with a CVSS v3.1 Base Score of 6.5 (Medium). The attack vector requires network access (AV:N) with low attack complexity (AC:L) and requires low privileges (PR:L). The vulnerability does not require user interaction (UI:N) and affects only the user scope (S:U). It has a high impact on confidentiality (C:H) but no impact on integrity (I:N) or availability (A:N) (Wordfence).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to append additional SQL queries to existing queries, potentially enabling the extraction of sensitive information from the database (NVD).

Users should upgrade to a version newer than 3.0.0 when available. In the meantime, it is recommended to restrict access to the affected parameter and implement additional input validation (NVD).