External risk intelligence

GeoDirectory Unauthenticated SQL Injection Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-54831

The vulnerability exists in a WordPress plugin designed for public-facing directory functionality. Such plugins are typically installed on web servers to provide public web endpoints, and as an unauthenticated SQL injection, the affected functionality is accessible to any internet user visiting the site.

SQL Injection

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a critical security vulnerability in a widely used WordPress plugin that could allow unauthorized access to sensitive data through unauthenticated SQL injection. The issue affects systems using versions prior to 2.8.162 of the GeoDirectory plugin. Given the nature of the vulnerability and the plugin's typical use case, the primary concern is confirming relevance and assessing exposure.

  • Plugin allows unauthorized data access.
  • Critical risk if unpatched or unmitigated.
  • Confirm relevance and scope of exposure.

Attack Path

How an attacker could exploit the issue

An attacker can target unauthenticated users by exploiting a flaw in the GeoDirectory plugin. This vulnerability allows them to inject malicious SQL code, potentially leading to unauthorized data access or manipulation.

  • No authentication required.
  • Inject SQL via user input.
  • Unauthorized data access.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could expose sensitive information stored in the application's database by allowing an unauthenticated attacker to inject malicious SQL code. When supported by the advisory, this could affect system data and potentially user data by altering database queries.

  • Database contents at risk.
  • Unauthenticated SQL injection.
  • Unauthorized access to data.

Operational Fix

Recommended remediation, mitigation, and detection steps

This unauthenticated SQL injection vulnerability affects GeoDirectory, commonly used for public-facing directory features on WordPress sites. Identifying affected instances, confirming their reachability and business criticality, and then engaging the accountable application or platform owner for remediation planning are the immediate priorities.

  • Application owners should lead remediation efforts.
  • Verify public exposure and business criticality.
  • Plan risk-based remediation actions.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the GeoDirectory WordPress plugin?

GeoDirectory is a software extension for WordPress sites that adds directory-style features. It is primarily used to manage and display searchable listings, such as local business directories, real estate portals, or event maps, directly on a website's front end.

What does SQL injection mean for CVE-2026-54831?

This vulnerability falls under the CWE-89 weakness class, which happens when software fails to properly sanitize user-provided input before using it in a database query. In the context of this CVE, it allows an attacker to insert their own SQL commands, potentially tricking the application into revealing or altering data it should keep private.

How can an attacker trigger this GeoDirectory vulnerability?

An attacker triggers this flaw by sending specially crafted inputs to the plugin's web interface without needing to log in. It is important to note that this is not triggered by administrative actions or authorized user activity, but rather by interactions with the public-facing features of the site that handle unsanitized data.

Do I need to worry if my site is internal?

Halo Surface Signal indicates that because GeoDirectory is designed to provide public web endpoints, the vulnerability is highly likely to be accessible to anyone on the internet. While internal sites face less immediate risk from external actors, any instance reachable via a network is a potential target for this type of automated data injection.

What should I do if I use GeoDirectory?

Your first step is to confirm if your current version is 2.8.162 or older. Once you identify affected sites, coordinate with your application owners to prioritize updates. Focus on validating which sites are publicly reachable and critical to your operations to ensure resources are applied where the risk is greatest.

References