Description
Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.
Published: 2026-07-02
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated SQL injection flaw exists in the WordPress GeekyBot plugin, versions up to and including 1.2.5, allowing a remote attacker to inject arbitrary SQL into queries the plugin runs against the site's database. The published CVSS vector rates the confidentiality impact High, the integrity impact None and the availability impact Low, so the primary consequence is unauthorized reading of database contents (such as the WordPress users table and its password hashes) rather than modification of data. The weakness is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), the classic injection pattern in which untrusted request input is concatenated into SQL text instead of being bound as a parameter.

Affected Systems

The vulnerability affects WordPress installations using the GeekyBot plugin by Ahmadgb, specifically versions 1.2.5 and earlier. No other vendors or products are listed as affected.

Risk and Exploitability

The CVSS 3.1 base score of 9.3 (vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L) marks it as critical: reachable over the network, low attack complexity, no privileges or user interaction required, with a scope change and a high confidentiality impact. EPSS currently estimates the probability of exploitation in the wild at under 1%, and the CVE is not in the KEV catalog; neither fact lowers the intrinsic severity, since an unauthenticated flaw in a public WordPress plugin is exposed to anyone who can send HTTP requests to the site. Exploitation requires only crafting request input that reaches the plugin's database queries; no account or prior access is needed.

Generated by OpenCVE AI on July 3, 2026 at 13:27 UTC.

Remediation

Vendor Solution

Update the WordPress GeekyBot Plugin to the latest available version (at least 1.2.6).


OpenCVE Recommended Actions

  • Upgrade the GeekyBot plugin to version 1.2.6 or later, which contains the vendor's fix.
  • If an upgrade is not immediately possible, deactivate or delete the plugin to remove the attack surface; deactivation alone is sufficient only if the plugin's code is no longer reachable through WordPress.
  • Monitor for exploitation attempts: review web server access logs for requests to the plugin's endpoints whose parameters contain SQL syntax (quotes, UNION SELECT, comment sequences, SLEEP or BENCHMARK calls), and enable database query logging during an investigation to spot queries the plugin would not normally issue. Failed login attempts are not a useful signal for this issue, because the injection does not involve authentication.
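As an added example (not OpenCVE's or the vendor's tooling), the following Python script shows what the monitoring advice looks like in practice for an unauthenticated SQL injection: it parses combined-format web server access log lines and flags requests whose path or query parameters carry SQL injection indicators. The log lines are constructed, the admin-ajax action name is hypothetical and not GeekyBot's endpoint, and the indicator list is a starting point rather than a complete signature set.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Apache/Nginx combined log format: client, identd, user, [time], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators typical of SQL injection probes. Each is kept narrow enough not
# to fire on an apostrophe in ordinary search text.
INDICATORS = {
    "union_select":     re.compile(r"union\s+(all\s+)?select", re.IGNORECASE),
    "quote_or_and":     re.compile(r"'\s*(or|and)\s+\S+\s*=", re.IGNORECASE),
    "sleep_call":       re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE),
    "schema_probe":     re.compile(r"information_schema", re.IGNORECASE),
    "trailing_comment": re.compile(r"--\s*$"),
}

def find_indicators(target):
    """Return the sorted indicator names found in a request target (path + query)."""
    parts = urlsplit(target)
    # parse_qs percent-decodes once; decode again so double-encoded payloads
    # (%2527 -> %27 -> ') are inspected in the form the application would see.
    values = [unquote_plus(parts.path)]
    for vals in parse_qs(parts.query, keep_blank_values=True).values():
        values.extend(unquote_plus(v) for v in vals)
    found = set()
    for value in values:
        for name, pattern in INDICATORS.items():
            if pattern.search(value):
                found.add(name)
    return sorted(found)

def scan(lines):
    """Return one record per log line whose request target carries an indicator."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than crash
        hits = find_indicators(m.group("target"))
        if hits:
            flagged.append({"ip": m.group("ip"), "ts": m.group("ts"),
                            "target": m.group("target"), "indicators": hits})
    return flagged

# Constructed sample lines. "example_lookup" is a hypothetical admin-ajax action;
# the client addresses are from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
203.0.113.10 - - [02/Jul/2026:12:01:07 +0000] "GET /?s=hours HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.10 - - [02/Jul/2026:12:01:09 +0000] "GET /?s=don%27t HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jul/2026:12:03:41 +0000] "GET /wp-admin/admin-ajax.php?action=example_lookup&q=%27%20UNION%20SELECT%20user_login%2Cuser_pass%20FROM%20wp_users--%20 HTTP/1.1" 200 812 "-" "python-requests/2.31"
198.51.100.7 - - [02/Jul/2026:12:03:44 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 35 "-" "python-requests/2.31"
198.51.100.7 - - [02/Jul/2026:12:03:50 +0000] "GET /wp-admin/admin-ajax.php?action=example_lookup&q=1%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 35 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG.splitlines()):
        print(rec["ts"], rec["ip"], rec["indicators"], rec["target"])
```

Two lines are flagged, both from the same client: a UNION-based read of the users table and a time-based probe. The search for "don't" is not flagged, which is the point of keeping the quote pattern anchored to a following OR/AND. The POST line shows the main limitation of this approach: access logs do not record request bodies, so if the plugin reads its input from POST parameters you need request-body logging (for example a ModSecurity audit log) or database query logging to see the payload at all.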

Generated by OpenCVE AI on July 3, 2026 at 13:27 UTC.


Advisories

No advisories yet.

History

Thu, 02 Jul 2026 11:30:00 +0000

Type         Values Removed   Values Added
Description                   Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.
Title                         WordPress GeekyBot plugin <= 1.2.5 - SQL Injection vulnerability
Weaknesses                    CWE-89
References
Metrics                       cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T12:42:12.099Z

Reserved: 2026-06-25T08:03:42.567Z

Link: CVE-2026-57679

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-03T13:30:13Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')