GeekyBot
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40772 | | Cri | 0.65 | 10.0 | — | | Jun 15, 2026 | Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. |
| CVE-2026-39519 | | Cri | 0.60 | 9.3 | — | | Jun 15, 2026 | Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions. |
| CVE-2026-5294 | | Cri | 0.57 | 9.8 | 0.00 | | May 5, 2026 | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips… |
| CVE-2025-15266 | | Hig | 0.47 | 7.2 | 0.00 | | Jan 14, 2026 | The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat message field in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping.… |
| CVE-2026-3456 | | Hig | 0.42 | 7.5 | 0.00 | | May 5, 2026 | The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of… |