CVE Catalog

CVE-2026-57681

Medium · CVSS 6.4

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

GeoDirectory plugin versions 2.8.161 and earlier contain a Server-Side Request Forgery (SSRF) vulnerability that is exploitable by users with subscriber privileges. An attacker with a subscriber account can make the server send HTTP requests to internal server resources.

Risk Assessment

The risk involves potential internal network scanning, access to sensitive data or services, and possible use of the server for attacks on other systems.

Recommendation

It is recommended to immediately update the GeoDirectory plugin to the latest available version that fixes this vulnerability. Also, restrict subscriber permissions to the minimum necessary.

Original NVD description (English source)

Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS