CVE Catalog
CVE-2026-54831
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
The GeoDirectory plugin in versions up to 2.8.162 contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows unauthorized database queries to be executed.
Risk Assessment
An attacker may gain access to sensitive data stored in the database, such as user data or site configuration, potentially leading to security breaches and system integrity issues.
Recommendation
Immediately update the GeoDirectory plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

