CVE Catalog

CVE-2026-54831

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

The GeoDirectory plugin in versions up to 2.8.162 contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows unauthorized database queries to be executed.

Risk Assessment

An attacker may gain access to sensitive data stored in the database, such as user data or site configuration, potentially leading to security breaches and system integrity issues.

Recommendation

Immediately update the GeoDirectory plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS