CVE-2026-57681
Severity: Medium (CVSS 6.4)
Exploitation Probability (EPSS): Low risk, 14th percentile (higher than 14% of all known CVEs)
Summary
GeoDirectory plugin versions 2.8.161 and earlier contain a Server-Side Request Forgery (SSRF) vulnerability exploitable by subscribers. An attacker with subscriber privileges can make the server send HTTP requests to internal server resources.
Risk Assessment
The risk involves potential internal network scanning, access to sensitive data or services, and possible use of the server for attacks on other systems.
Recommendation
Update the GeoDirectory plugin immediately to the latest available version that fixes this vulnerability. Also restrict subscriber permissions to the minimum necessary.
Original NVD description (English source)
Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.

