CVE-2026-5294 - GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action
CVE ID :CVE-2026-5294 Published : May 5, 2026, 3:37 a.m. | 33 minutes ago Description :The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates
- [CYBER] CSA tasks critical information infrastructure leaders to review cyber risks due to AI-enabled threats
- [CYBER] CVE-2026-7810 - UsamaK98 python-notebook-mcp server.py add_cell path traversal
- [CYBER] CVE-2026-5159 - Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter
- [CYBER] CVE-2026-4665 - WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute
- [CYBER] CVE-2026-4803 - Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta