PatchSiren cyber security CVE debrief
CVE-2026-39512 Paolo CVE debrief
CVE-2026-39512 is a critical unauthenticated SQL injection vulnerability in the GeoDirectory plugin, versions <= 2.8.152. It has a CVSS score of 9.3 and was published on [2026-06-15](https://www.cve.org/CVERecord?id=CVE-2026-39512).
- Vendor: Paolo
- Product: GeoDirectory
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of GeoDirectory plugin versions <= 2.8.152 should update to a patched version to prevent potential SQL injection attacks.
Technical summary
The vulnerability is caused by a lack of proper input sanitization, which allows an attacker to inject malicious SQL code. The CVSS vector is given in the [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-39512).
Defensive priority
high
Recommended defensive actions
- Update GeoDirectory plugin to a version greater than 2.8.152
- Review and restrict database access to minimize potential damage
Evidence notes
Evidence of this vulnerability was provided by Patchstack.
Official resources
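- [CVE-2026-39512 CVE record](https://www.cve.org/CVERecord?id=CVE-2026-39512) (CVE.org)
- [CVE-2026-39512 NVD detail](https://nvd.nist.gov/vuln/detail/CVE-2026-39512) (NVD)
- Source item URL (nvd_modified)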
- Mitigation or vendor reference
CVE-2026-39512 was published on 2026-06-15T21:16:45.850Z and modified on 2026-06-15T21:24:32.790Z.