CVE-2026-42671
published 2026-06-01CVE-2026-42671: Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
PriorityP334medium6.5CVSS 3.1
AVNACLPRNUINSUCNILAL
EPSS
0.20%
9.5th percentile
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects GeoDirectory: from n/a through 2.8.157.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paolo | geodirectory | n/a – 2.8.157 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Paolo GeoDirectory Plugin up to 2.8.157 on WordPress authorization
vuldb·2026-06-01·CVSS 6.5
CVE-2026-42671 [MEDIUM] Paolo GeoDirectory Plugin up to 2.8.157 on WordPress authorization
A vulnerability, which was classified as critical, was found in Paolo GeoDirectory Plugin up to 2.8.157 on WordPress. Affected by this issue is some unknown functionality. The manipulation results in missing authorization.
This vulnerability was named CVE-2026-42671. The attack may be performed from remote. There is no available exploit.
GHSA
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.
ghsa_unreviewed·2026-06-01
CVE-2026-42671 [MEDIUM] CWE-862 Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects GeoDirectory: from n/a through 2.8.157.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-01
Published