Listdom Blind SQL Injection Vulnerability.

CVE advisory. Severity: CRITICAL (CVSS 9.3)

CVE-2026-54819

A SQL injection vulnerability in the Listdom component could permit attackers to execute unauthorized database commands. If reachable, this may lead to unintended data access or service disruption. Confirming Listdom deployment and external exposure is crucial for assessing risk.

SQL Injection

Halo Surface Signal: Likely · external exposure

Listdom is a WordPress plugin used to manage directory listings on websites. Such plugins are designed to render content directly to public internet users, making the associated web application endpoints commonly internet-facing.

Horizon Alert

Summary of the vulnerability and why it matters

A SQL injection vulnerability has been identified in the Listdom plugin, a tool used for managing website directory listings. This flaw could potentially allow unauthorized access or manipulation of data within affected web applications. The main concern at this time is confirming if this plugin is in use and if it is exposed to external threats.

  • Allows attackers to inject malicious SQL commands.
  • Critical for understanding potential data exposure risks.
  • Verify if Listdom is deployed and exposed.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending specially crafted data over the internet to a website using the vulnerable Listdom component. If the website doesn't properly handle these inputs, the attacker could manipulate database queries, potentially leading to unauthorized access to sensitive information or other unintended actions.

  • No authentication needed to trigger.
  • Sends malicious input to the website.
  • Allows unauthorized database access.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to interact with the application's database in unintended ways. Where the advisory supports it, this could lead to the disclosure of database contents or manipulation of service behavior.

  • Database contents could be exposed.
  • Reachable over the network, with no authentication required.
  • Information disclosure or service disruption.

Operational Fix

Recommended remediation, mitigation, and detection steps

Application owners responsible for the Listdom plugin should lead remediation efforts, coordinating with infrastructure and network security teams. The immediate priority is to identify all instances of Listdom, assess their exposure to external networks, and determine business criticality to prioritize patching or other mitigation strategies.

  • Application owners should manage this issue.
  • Verify Listdom instances and their exposure.
  • Plan coordinated patching or mitigation.

Frequently asked questions

What is the Listdom plugin?

Listdom is a WordPress plugin developed by Webilia Inc. It is primarily used to build and manage directory listing websites, such as real estate portals or business directories. It functions by allowing site administrators to organize, display, and search through structured collections of information on their WordPress site, making it a functional component of the web server's content management layer.

What does CVE-2026-54819 mean by SQL Injection?

This vulnerability is classified as CWE-89, which refers to Improper Neutralization of Special Elements used in an SQL Command. In plain terms, the plugin fails to properly clean or validate data sent by users before including it in database queries. Because it is a 'Blind' SQL injection, an attacker cannot necessarily see the database output directly, but they can infer information by observing how the website responds to specific, injected queries.

How is this Listdom vulnerability triggered?

An attacker triggers the flaw by sending specially crafted input to the website that the Listdom plugin processes. Because the vulnerability does not require any authentication, the attacker does not need an account or special permissions to initiate the request. The bug is triggered when the application accepts this malicious data as a legitimate part of an SQL command; it would not be triggered by standard, well-formed traffic that conforms to expected application inputs.

Is my website at risk from this vulnerability?

According to Halo Surface Signal, Listdom is often used to render content directly to public internet users, meaning the endpoints associated with the plugin are frequently internet-facing. If you run Listdom versions up to 5.4.0, your instance is likely accessible to external attackers. Because the vulnerability is reachable over a network without authentication, any site utilizing this plugin for public directories should consider itself potentially reachable.

How should I respond to CVE-2026-54819?

Your first step is to conduct an inventory to verify if Listdom is installed on your systems and which version is running. Once identified, evaluate the business criticality of those specific sites and check for available updates from the vendor to resolve the flaw. If an update is not immediately feasible, coordinate with your technical teams to assess whether you can restrict access to the affected directory features until a permanent fix is applied.
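As an added example (not code from the advisory or from the Listdom project), the inventory step above in Python: walk a WordPress install, read the Listdom plugin header and flag any version up to 5.4.0. The plugin directory slug "listdom" and the standard WordPress "Version:" header line are assumptions; the sample tree in demo() is constructed.

```python
"""Inventory check for CVE-2026-54819: find Listdom installs, flag versions <= 5.4.0."""
import re
import tempfile
from pathlib import Path
from typing import Optional

PLUGIN_SLUG = "listdom"   # assumed plugin directory name, not stated in the advisory
LAST_AFFECTED = "5.4.0"   # advisory: "versions up to 5.4.0"
# Standard WordPress plugin header line, e.g. " * Version: 5.3.2"
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9]\S*)", re.MULTILINE)


def parse_version(header_text: str) -> Optional[str]:
    """Return the Version: value from a plugin header block, or None if absent."""
    m = VERSION_RE.search(header_text)
    return m.group(1) if m else None


def version_tuple(version: str) -> tuple:
    """Numeric comparison so 5.10.0 sorts above 5.4.0 (a string compare would not)."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)          # "0-rc1" -> 0, tolerates suffixes
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    return version_tuple(version) <= version_tuple(LAST_AFFECTED)


def scan_wordpress_root(root: Path) -> list:
    """Report every Listdom main-file header found under wp-content/plugins."""
    findings = []
    plugin_dir = root / "wp-content" / "plugins" / PLUGIN_SLUG
    for php in (sorted(plugin_dir.glob("*.php")) if plugin_dir.is_dir() else []):
        head = php.read_text(errors="replace")[:4096]   # header sits at top of file
        if "Plugin Name:" not in head:
            continue                                     # not the main plugin file
        version = parse_version(head)
        findings.append({"file": str(php), "version": version,
                         "affected": version is not None and is_affected(version)})
    return findings


def demo() -> list:
    """Constructed sample tree (not a real site) to exercise the scanner offline."""
    root = Path(tempfile.mkdtemp())
    main = root / "wp-content" / "plugins" / PLUGIN_SLUG / "listdom.php"
    main.parent.mkdir(parents=True)
    main.write_text("<?php\n/**\n * Plugin Name: Listdom\n * Version: 5.3.2\n */\n")
    return scan_wordpress_root(root)
```

Point scan_wordpress_root at each real document root from your inventory; a finding with "affected": True is a site to patch or restrict first.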
