CVE-2025-57964
WordPress Library Bookshelves Plugin <= 5.11 - Cross Site Scripting (XSS) VulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in photonicgnostic Library Bookshelves allows Stored XSS. This issue affects Library Bookshelves: from n/a through 5.11.
We have discovered 263 live websites that are affected by CVE-2025-57964.
Affected Software
| Product |  Library Bookshelves |
| Category | Wordpress Plugins |
| Vulnerable Domains | 263 live websites (100% of Library Bookshelves install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 6 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Sep 22, 2025
- Updated - Sep 23, 2025
Credits
- Muhammad Yudha - DJ (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-57964 United States | 210 websites |
 Canada | 10 websites |
 GB | 6 websites |
 France | 5 websites |
 Austria | 4 websites |
 Singapore | 4 websites |
 Germany | 3 websites |
 Netherlands | 2 websites |
 Poland | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2025-57964| .org | 182 websites |
| .com | 30 websites |
| .ca | 6 websites |
| .at | 4 websites |
| .info | 4 websites |
| .fr | 3 websites |
| .nl | 2 websites |
| .net | 2 websites |
| .eu | 2 websites |
| .it | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-57964
Top websites that are affected by CVE-2025-57964. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.****.gov | United States | ***,*** | |
| ***********.info | United States | ***,*** | |
| ***.cc | United States | ***,*** | |
| *******.*******.***.ng |  Nigeria | ***,*** | |
| *******.***.***.mz |  Mozambique | ***,*** | |
| *********.org | United States | *,***,*** | |
| ******************.org | United States | *,***,*** | |
| ****.org | United States | *,***,*** | |
| ****.********.ca | Canada | *,***,*** | |
| **************.org | United States | *,***,*** |
FAQ
CVE-2025-57964 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Library Bookshelves
A total of 263 websites have been identified as vulnerable to CVE-2025-57964, based on global website indexing conducted by WebTechSurvey.
The Library Bookshelves is affected by the CVE-2025-57964 vulnerability.
Library Bookshelves versions up to and including 5.11 are vulnerable to CVE-2025-57964.