Product

Geeky Bot Plugin for WordPress <= 1.2.2

1 brief RSS

Geeky Bot WordPress Plugin Missing Authorization Vulnerability Leads to Remote Code Execution

The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to 1.2.2, allowing unauthenticated attackers to perform arbitrary plugin installation and achieve remote code execution by exploiting a nopriv AJAX route and uploading malicious ZIP files.

Geeky Bot plugin for WordPress <= 1.2.2 wordpress plugin rce missing-authorization cve-2026-5294 code-execution

2r 3t 1c Jan 3, 2024