Description
The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files into wp-content/plugins/. This makes it possible for unauthenticated attackers to perform arbitrary plugin installation and achieve remote code execution.
Published: 2026-05-05
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The GeekyBot plugin for WordPress is affected by a critical missing authorization flaw in versions up to and including 1.2.2. An unauthenticated user can trigger the 'geekybot_frontendajax' nopriv AJAX route, which accepts attacker-controlled parameters to dispatch a model or function. The attacker can then invoke a plugin installer helper that downloads and unzips arbitrary ZIP files into the wp-content/plugins directory. This mechanism allows the attacker to install malicious plugins and ultimately execute remote code on the host server.

Affected Systems

The affected product is the ahmadgb:GeekyBot plugin, used for AI copilot, chatbot, WooCommerce lead generation, and zero-prompt content. Any WordPress site running GeekyBot 1.2.2 or earlier is vulnerable.

Risk and Exploitability

With a CVSS score of 9.8, the vulnerability is considered critical. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. Because the flaw requires no authentication and is driven by a simple AJAX request that accepts user input, the attack vector is network-based (consistent with the AV:N/PR:N components of the CVSS vector) and can be exploited by any internet-connected attacker. Successful exploitation would give the attacker full remote code execution privileges on the server, granting complete control over the affected site.

Generated by OpenCVE AI on May 5, 2026 at 05:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GeekyBot to the latest version, which includes the missing authorization fix.
  • Configure the web server or WordPress security plugin to block unauthenticated access to the 'geekybot_frontendajax' AJAX action or remove the route entirely.
  • Immediately remove any plugins that were installed through the vulnerability, run a full malware scan, and review site integrity.
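The following must-use plugin is an added example, not GeekyBot's code and not part of the OpenCVE record; it implements the second recommended action inside WordPress itself. It rejects unauthenticated requests to the 'geekybot_frontendajax' admin-ajax action before the plugin's own handler can run, and for logged-in callers it additionally requires the install_plugins capability, which is the check any code path that ends in plugin installation should enforce (the missing check is what CWE-862 describes). The action name comes from the advisory; the file name, the mu-plugins installation path and the choice to log denials via error_log are assumptions.

```php
<?php
/**
 * Plugin Name: Gate geekybot_frontendajax (added example, not part of GeekyBot)
 * Description: Denies unauthenticated calls to the 'geekybot_frontendajax' admin-ajax
 *              action and requires the install_plugins capability for everyone else.
 *
 * Assumed deployment: copy this file into wp-content/mu-plugins/ so WordPress loads it
 * before regular plugins; no activation step is needed for must-use plugins.
 */

// admin-ajax.php fires 'admin_init' before it dispatches the wp_ajax_* and
// wp_ajax_nopriv_* hooks, so a guard attached here runs ahead of the plugin handler.
add_action( 'admin_init', 'gate_geekybot_frontendajax_request' );

function gate_geekybot_frontendajax_request() {
    // Only act on admin-ajax requests; normal wp-admin page loads are untouched.
    if ( ! wp_doing_ajax() ) {
        return;
    }

    // admin-ajax.php reads the action from GET or POST, so $_REQUEST mirrors what it sees.
    $action = isset( $_REQUEST['action'] ) ? (string) wp_unslash( $_REQUEST['action'] ) : '';
    if ( 'geekybot_frontendajax' !== $action ) {
        return;
    }

    // Check 1: the route must not be reachable without an authenticated session at all.
    if ( ! is_user_logged_in() ) {
        gate_geekybot_log_and_deny( 'unauthenticated request' );
    }

    // Check 2: even a logged-in caller must hold the capability that the reachable
    // code path (installing a plugin) would require in wp-admin.
    if ( ! current_user_can( 'install_plugins' ) ) {
        gate_geekybot_log_and_deny( 'caller lacks install_plugins' );
    }
}

function gate_geekybot_log_and_deny( $reason ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

    // One log line per denial gives monitoring something concrete to alert on
    // (assumed logging destination: the PHP error log).
    error_log( sprintf( 'geekybot_frontendajax denied (%s) from %s', $reason, $ip ) );

    // Responds with HTTP 403 and a JSON error body, then exits.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}
```

Two caveats when using this as a stopgap. First, a front-end chatbot normally relies on the nopriv route to serve anonymous visitors, so this gate disables that functionality for them; that trade-off is inherent in the advisory's recommendation to block or remove the route until a fixed release is installed. Second, the gate does not replace the plugin's own nonce and capability checks; it only keeps the reachable installer path away from callers who could never legitimately install plugins.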



Advisories

No advisories yet.

History

Tue, 05 May 2026 04:00:00 +0000

Type: Description
  Values removed: (empty)
  Values added: The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files into wp-content/plugins/. This makes it possible for unauthenticated attackers to perform arbitrary plugin installation and achieve remote code execution.
Type: Title
  Values removed: (empty)
  Values added: GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action
Type: Weaknesses
  Values removed: (empty)
  Values added: CWE-862
Type: References
  Values removed: (empty)
  Values added: (empty)
Type: Metrics
  Values removed: (empty)
  Values added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-05-05T03:37:37.441Z

Reserved: 2026-03-31T22:56:16.553Z

Link: CVE-2026-5294

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-05T04:16:19.470

Modified: 2026-05-05T04:16:19.470

Link: CVE-2026-5294

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T05:30:16Z

Weaknesses