Impact
An unauthenticated SQL injection flaw exists in the WordPress GeekyBot plugin in versions up to 1.2.5, allowing an attacker to inject arbitrary SQL commands. This can lead to unauthorized reading or modification of the site's database. The weakness is classified as CWE-89 and is described as a classic injection vulnerability.
Affected Systems
The vulnerability affects WordPress installations using the GeekyBot plugin by Ahmadgb, specifically versions 1.2.5 and earlier. No other vendors or products are listed as affected.
Risk and Exploitability
The CVSS score of 9.3 rates the flaw as critical. No EPSS data is available, and the absence of a KEV listing does not mean the risk is lower. Because the injection is unauthenticated and reachable through normal website traffic, any visitor to a vulnerable site can potentially exploit it without prior access; an attacker would need to craft malicious input that reaches the plugin's database queries.
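The CWE-89 pattern behind this class of flaw (the Impact and Risk sections above) is user input concatenated into SQL text instead of being bound as a parameter. The following added example is not GeekyBot's code and does not reflect the plugin's actual queries or schema; it uses a constructed in-memory SQLite table and a hypothetical session lookup to show the vulnerable form next to the hardened, parameterised form. In a WordPress plugin the equivalent fix is to route every query through `$wpdb->prepare()` rather than building SQL strings by hand.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table standing in for a plugin table.

    The schema and rows are illustrative only, not the GeekyBot schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bot_log (id INTEGER PRIMARY KEY, session TEXT, message TEXT)"
    )
    conn.executemany(
        "INSERT INTO bot_log (session, message) VALUES (?, ?)",
        [("s1", "hello"), ("s2", "order status"), ("s3", "internal note")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, session):
    """CWE-89: the attacker-controlled value becomes part of the SQL text."""
    sql = "SELECT id, message FROM bot_log WHERE session = '" + session + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, session):
    """Parameterised query: the value is bound and never parsed as SQL."""
    return conn.execute(
        "SELECT id, message FROM bot_log WHERE session = ?", (session,)
    ).fetchall()


def demo():
    """Run both lookups with a benign value and a constructed tautology input.

    Returns the row counts so the difference is visible: the vulnerable
    lookup leaks every row, the hardened one returns nothing for the
    same hostile string.
    """
    conn = make_db()
    benign = "s2"
    tautology = "' OR '1'='1"  # constructed sample input, textbook tautology
    return {
        "vulnerable_benign": len(lookup_vulnerable(conn, benign)),
        "vulnerable_tautology": len(lookup_vulnerable(conn, tautology)),
        "hardened_benign": len(lookup_hardened(conn, benign)),
        "hardened_tautology": len(lookup_hardened(conn, tautology)),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name}: {count} row(s)")
```

The hardened version does not need any input filtering: the database driver binds the value as data, so the quote and `OR` in the hostile string have no syntactic effect. That is the property a fixed plugin release should exhibit for every query that touches request data.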
OpenCVE Enrichment