Library Bookshelves Security & Risk Analysis

wordpress.org/plugins/library-bookshelves

Create bookshelves that link to your library catalog. Use shortcodes to display book covers in carousels.

500 active installs · v5.11 · PHP 5.3+ · WP 4.6+ · Updated Mar 1, 2025
Tags: books, bookshelf, catalog, library, opac

Score: 66/100 (C · Use Caution)
CVEs total: 4
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Library Bookshelves Safe to Use in 2026?

Use With Caution

Score 66/100

Library Bookshelves has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

4 known CVEs · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 1yr ago
Risk Assessment

The 'library-bookshelves' plugin version 5.11 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and maintaining a relatively small attack surface with a single shortcode entry point, which is not unprotected. The output escaping is also largely effective, with 88% of outputs properly escaped. However, several concerns warrant attention. The presence of two flows with unsanitized paths in the taint analysis, even though neither is rated critical or high severity, indicates a potential for vulnerabilities that could be exploited if proper sanitization is not consistently applied. The plugin's vulnerability history is particularly concerning, with a total of four known CVEs, one of which remains unpatched. The recurring pattern of 'Cross-site Scripting' vulnerabilities suggests a persistent issue with input validation and output encoding that has not been fully remediated over time. The last recorded vulnerability, in late 2025, is also concerning, indicating recent issues that may not have been addressed by this version. While the plugin has strengths in its SQL handling and limited attack surface, the history of multiple medium-severity XSS vulnerabilities and an unpatched CVE points to a need for significant security review and remediation to ensure user data and site integrity.

Key Concerns

  • Unpatched CVE
  • Medium severity CVEs (4 total)
  • Flows with unsanitized paths
  • Partially unescaped output (12% of 128)
Vulnerabilities: 4

Library Bookshelves Security Vulnerabilities

CVEs by Year

2024: 2 CVEs · patched
2025: 2 CVEs · has unpatched

Severity Breakdown

Medium: 4 of 4 total CVEs

CVE-2025-57964 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Library Bookshelves <= 5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Sep 22, 2025 · Unpatched

CVE-2024-13464 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Library Bookshelves <= 5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Feb 17, 2025 · Patched in 5.11 (17d)

CVE-2024-11359 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Library Bookshelves <= 5.8 - Reflected Cross-Site Scripting
Dec 11, 2024 · Patched in 5.9 (1d)

CVE-2024-52453 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Library Bookshelves <= 5.8 - Reflected Cross-Site Scripting
Nov 18, 2024 · Patched in 5.9 (23d)
Code Analysis
Analyzed Mar 16, 2026

Library Bookshelves Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (10 prepared)
Unescaped Output: 16 (112 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 6
External Requests: 12
Bundled Libraries: 0

SQL Query Safety

100% prepared (10 total queries)

Output Escaping

88% escaped (128 total outputs)

Data Flows: 2 unsanitized

Data Flow Analysis

4 flows, 2 with unsanitized paths
save_bookshelf (class-bookshelves-post-type.php:226)
Attack Surface

Library Bookshelves Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[bookshelf] class-bookshelves-shortcode.php:14
WordPress Hooks: 24

action · init · bookshelves-taxonomy.php:30
action · init · class-bookshelves-post-type.php:16
action · admin_init · class-bookshelves-post-type.php:17
action · save_post_bookshelves · class-bookshelves-post-type.php:22
filter · single_template · class-bookshelves-post-type.php:23
action · update_bookshelf · class-bookshelves-post-type.php:24
filter · manage_edit-bookshelves_columns · class-bookshelves-post-type.php:28
filter · manage_edit-bookshelves_sortable_columns · class-bookshelves-post-type.php:29
filter · posts_clauses · class-bookshelves-post-type.php:30
action · manage_bookshelves_posts_custom_column · class-bookshelves-post-type.php:31
action · add_meta_boxes · class-bookshelves-post-type.php:32
filter · sanitize · class-bookshelves-post-type.php:329
action · init · class-bookshelves-settings.php:17
action · admin_init · class-bookshelves-settings.php:20
action · admin_menu · class-bookshelves-settings.php:23
action · admin_notices · class-bookshelves-settings.php:26
action · init · class-bookshelves-shortcode.php:9
action · admin_init · class-bookshelves-shortcode.php:10
action · wp_enqueue_scripts · class-library-bookshelves.php:39
action · wp_enqueue_scripts · class-library-bookshelves.php:40
action · admin_enqueue_scripts · class-library-bookshelves.php:43
action · admin_enqueue_scripts · class-library-bookshelves.php:44
action · admin_init · class-library-bookshelves.php:63
filter · cron_schedules · class-library-bookshelves.php:66
Maintenance & Trust

Library Bookshelves Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 1, 2025
PHP min version: 5.3
Downloads: 28K

Community Trust

Rating: 90/100
Number of ratings: 8
Active installs: 500
Developer Profile

Library Bookshelves Developer Profile

photonicgnostic

1 plugin · 500 total installs

Trust score: 70
Avg Security Score: 66/100
Avg Patch Time: 14 days
Detection Fingerprints

How We Detect Library Bookshelves

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/library-bookshelves/css/bookshelves.css
/wp-content/plugins/library-bookshelves/slick/slick.css
/wp-content/plugins/library-bookshelves/slick/slick-theme.css
/wp-content/plugins/library-bookshelves/js/divifix.js
/wp-content/plugins/library-bookshelves/js/bookshelves.js
Script Paths
/wp-content/plugins/library-bookshelves/slick/slick.min.js
Version Parameters
library-bookshelves/css/bookshelves.css?ver=
library-bookshelves/slick/slick.css?ver=
library-bookshelves/slick/slick-theme.css?ver=
library-bookshelves/js/divifix.js?ver=
library-bookshelves/js/bookshelves.js?ver=
library-bookshelves/slick/slick.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
bookshelf-item, bookshelf-carousel, slick-slide, bookshelves-template-wrapper, bookshelves-list-template, bookshelves-grid-template, bookshelves-grid-item, bookshelves-grid-item-img-wrapper (+8 more)
HTML Comments
<!-- Gutenberg Block: bookshelves/bookshelf -->
<!-- END Gutenberg Block: bookshelves/bookshelf -->
Data Attributes
data-slick, data-bookshelf-id, data-bookshelf-layout, data-bookshelf-items-per-row
JS Globals
LibraryBookshelves, libraryBookshelves
REST Endpoints
/wp-json/library-bookshelves/v1/bookshelf/
Shortcode Output
[bookshelves]
[bookshelves layout="grid"]
[bookshelves layout="list"]
[bookshelves layout="carousel"]
FAQ

Frequently Asked Questions about Library Bookshelves