CVE-2024-8679: 
WordPress vulnerability analysis and mitigation

The Library Management System – Manage e-Digital Books Library plugin for WordPress contains a SQL Injection vulnerability (CVE-2024-8679) discovered in December 2024. The vulnerability affects all versions up to and including 3.0.0, where the 'value' parameter of the owt_lib_handler AJAX action is susceptible to SQL injection attacks (NVD).

The vulnerability stems from insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries in the owt_lib_handler AJAX action. This allows authenticated attackers with Administrator-level access to append additional SQL queries to existing ones. The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N, indicating network accessibility with low attack complexity but requiring high privileges (NVD).

When exploited, this vulnerability enables authenticated attackers with Administrator-level privileges to extract sensitive information from the database by injecting malicious SQL queries into existing database operations (NVD).

Users should upgrade to a version newer than 3.0.0 when available. As this is a recently discovered vulnerability, users should monitor for updates from the plugin developers (NVD).