Introduction
An unauthenticated AJAX endpoint in the GeekyBot WordPress plugin allows any internet visitor to install arbitrary ZIP archives as plugins, achieving remote code execution without any credentials or user interaction. With a CVSS score of 9.8 and a plugin that reports more than 6,000 active installations, this vulnerability represents a significant exposure for every site still running an affected version.
GeekyBot is an AI-powered WordPress plugin developed by ahmadgb that provides chatbot functionality, WooCommerce lead generation, and content creation features. The plugin has been downloaded over 156,000 times and maintains more than 6,000 active installations. Its position in the growing WordPress AI plugin market makes it relevant to a broad range of site operators looking to integrate AI capabilities into their WordPress deployments.
Technical Information
The root cause of CVE-2026-5294 is a Missing Authorization weakness, classified under CWE-862. The vulnerability resides in a WordPress AJAX action registered as geekybot_frontendajax. In the WordPress architecture, AJAX actions registered with the wp_ajax_nopriv_ prefix are accessible to any visitor, including unauthenticated users. The GeekyBot plugin registered this action without implementing any authorization checks, nonce verification, or capability validation.
The geekybot_frontendajax endpoint exposes a model/function dispatch mechanism. This means the AJAX handler accepts parameters that determine which internal class (model) and which method (function) to invoke. An attacker can craft a POST request to this endpoint and manipulate the dispatch parameters to reach a plugin installer helper function built into the plugin.
This installer helper is designed to accept a URL pointing to a ZIP file, download it, and extract its contents directly into the wp-content/plugins/ directory. Because there are no authorization gates on the AJAX route, and because the attacker controls the URL parameter passed to the installer helper, the entire chain from initial request to file extraction is available to any unauthenticated user on the internet.
Attack Flow
The exploitation proceeds through the following steps:
- The attacker identifies a WordPress site running GeekyBot version 1.2.2 or earlier.
- The attacker crafts a POST request to the WordPress AJAX handler at wp-admin/admin-ajax.php with the action parameter set to geekybot_frontendajax.
- The request includes dispatch parameters that route execution to the plugin installer helper function.
- The attacker supplies a URL pointing to a malicious ZIP archive containing arbitrary PHP code structured as a WordPress plugin.
- The GeekyBot installer helper downloads the ZIP file from the attacker-controlled URL and extracts it into wp-content/plugins/.
- The malicious PHP files are now present on the server. The attacker can activate the planted plugin or request the PHP files directly to execute arbitrary code.
The impact of successful exploitation is complete server compromise. An attacker gains the ability to execute arbitrary PHP code, which can be leveraged for data exfiltration, backdoor installation, defacement, or lateral movement within the hosting environment.
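The attack flow above ends with attacker-chosen PHP sitting under wp-content/plugins/. The script below is an added example written for this page (it is not part of the advisory or of the plugin) that triages that directory after a suspected compromise: it flags plugin directories or loose files changed within a window, entries with no "Plugin Name:" header, and PHP containing calls that dropped web shells commonly use. The header regex, the window, the call list and the single-file-plugin check are assumptions made here; it is a starting point for triage, not a verdict.

```php
<?php
// Added example for this page, not part of the GeekyBot plugin or the advisory.
// Usage from a shell on the web host:
//   php find_planted_plugins.php /var/www/html/wp-content/plugins 14
// Assumptions: the standard one-directory-per-plugin layout, that legitimate
// plugins carry a "Plugin Name:" header, and the starting list of shell-like calls.

$plugins_dir  = rtrim( $argv[1] ?? 'wp-content/plugins', '/' );
$max_age_days = (int) ( $argv[2] ?? 14 );
$cutoff       = time() - $max_age_days * 86400;

// Calls that dropped web shells commonly rely on. Assumed and not exhaustive;
// legitimate code uses several of them too, so every hit needs a human look.
$shell_calls = array( 'eval(', 'base64_decode(', 'gzinflate(', 'system(',
                      'shell_exec(', 'passthru(', 'proc_open(' );

// Returns array( has_plugin_header, array_of_matched_calls ) for one PHP file.
function example_scan_php( $path, array $shell_calls ) {
    $src  = (string) file_get_contents( $path );
    $hits = array();
    foreach ( $shell_calls as $needle ) {
        if ( false !== stripos( $src, $needle ) ) {
            $hits[] = rtrim( $needle, '(' );
        }
    }
    $has_header = (bool) preg_match( '/^\s*\*?\s*Plugin Name:/mi', $src );
    return array( $has_header, $hits );
}

$findings = array();
foreach ( new DirectoryIterator( $plugins_dir ) as $entry ) {
    if ( $entry->isDot() ) {
        continue;
    }
    $name   = $entry->getFilename();
    $newest = $entry->getMTime();

    if ( $entry->isFile() ) {
        // A ZIP whose PHP sits at its root unpacks straight into wp-content/plugins/,
        // and WordPress treats such a file as a single-file plugin; check it too.
        if ( 'php' !== strtolower( $entry->getExtension() ) ) {
            continue;
        }
        list( $has_header, $hits ) = example_scan_php( $entry->getPathname(), $shell_calls );
    } else {
        $has_header = false;
        $hits       = array();
        $files      = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator( $entry->getPathname(), FilesystemIterator::SKIP_DOTS )
        );
        foreach ( $files as $file ) {
            $newest = max( $newest, $file->getMTime() );
            if ( 'php' !== strtolower( $file->getExtension() ) ) {
                continue;
            }
            list( $header, $file_hits ) = example_scan_php( $file->getPathname(), $shell_calls );
            $has_header = $has_header || $header;
            foreach ( $file_hits as $h ) {
                $hits[] = basename( $file->getPathname() ) . ':' . $h;
            }
        }
    }

    $reasons = array();
    if ( $newest >= $cutoff ) {
        $reasons[] = 'modified within ' . $max_age_days . ' days';
    }
    if ( ! $has_header ) {
        $reasons[] = 'no Plugin Name header';
    }
    if ( $hits ) {
        $reasons[] = 'shell-like calls: ' . implode( ', ', array_unique( $hits ) );
    }
    if ( $reasons ) {
        $findings[ $name ] = $reasons;
    }
}

foreach ( $findings as $name => $reasons ) {
    printf( "%-30s %s\n", $name, implode( '; ', $reasons ) );
}
// Non-zero exit when anything was flagged, so the script can sit in a cron job.
exit( $findings ? 1 : 0 );
```

Treat the output as a worklist: compare flagged directories against the site's deployment records and the plugin's original package before deleting anything, and remember that a planted plugin may also have been activated, so the active_plugins option and any new administrator accounts deserve the same review.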
Patch Analysis
The fix introduced in version 1.2.3, visible in changeset 3497169 on the WordPress plugin repository, adds a nonce check to the AJAX route (WordPress nonces are generated with wp_create_nonce and verified server-side before the handler proceeds) and properly initializes the WordPress filesystem API before performing file operations, so that the installer functionality is reachable only by authenticated, authorized requests carrying a valid nonce. One caveat when reviewing a change of this kind: a nonce by itself is a CSRF control, not an authorization check. On a nopriv route an anonymous visitor can read a freshly issued nonce out of the page source, so the installer must additionally be gated on an authenticated user holding the install_plugins capability, and operators who cannot update immediately should treat the endpoint as exposed until the plugin is upgraded.
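The model/function dispatch described under Technical Information, and the gating the patch analysis above calls for, side by side as an added illustrative example. This is code written for this page, not GeekyBot's source and not changeset 3497169: the parameter names model, func and zip_url, the Example_* class names, the script handle, the nonce action strings and the allowed download host are all assumptions. The first dispatcher has the vulnerable shape (anything reachable by class and method name, no nonce, no capability check); the second allow-lists the anonymous surface and moves the installer onto an authenticated-only hook.

```php
<?php
// Added example for this page, not GeekyBot's code or changeset 3497169.
// Assumed names: $_POST['model'], $_POST['func'], $_POST['zip_url'], the
// Example_* classes, the 'geekybot-frontend' script handle and nonce actions.

// ---- Vulnerable shape: the route dispatches on attacker-chosen names ----
function example_vulnerable_dispatch() {
    // No check_ajax_referer(), no current_user_can(): any visitor reaches here.
    $model = $_POST['model'] ?? '';
    $func  = $_POST['func'] ?? '';
    if ( class_exists( $model ) && method_exists( $model, $func ) ) {
        // Every public method of every loaded class is a valid target,
        // including the installer helper below.
        echo call_user_func( array( new $model(), $func ), $_POST );
    }
    wp_die();
}

class Example_Installer {
    // Fetches a ZIP from a URL and unpacks it into wp-content/plugins/.
    public function install_from_url( $args ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
        WP_Filesystem();
        $tmp = download_url( (string) ( $args['zip_url'] ?? '' ) );
        if ( is_wp_error( $tmp ) ) {
            return 'download failed';
        }
        $result = unzip_file( $tmp, WP_PLUGIN_DIR );
        @unlink( $tmp );
        return is_wp_error( $result ) ? 'unzip failed' : 'installed';
    }
}

// ---- Hardened shape: allow-list the public surface, gate the installer ----
// The only class/method pairs anonymous visitors may reach. Example_Chat is
// assumed to be defined elsewhere in the plugin.
const EXAMPLE_PUBLIC_DISPATCH = array(
    'Example_Chat' => array( 'send_message', 'get_history' ),
);

// The front-end script receives a nonce. For logged-out visitors this is a
// CSRF token only: anyone can read it from the page, so it grants nothing.
add_action( 'wp_enqueue_scripts', function () {
    wp_localize_script( 'geekybot-frontend', 'geekybotAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'geekybot_frontend' ),
    ) );
} );

function example_hardened_dispatch() {
    check_ajax_referer( 'geekybot_frontend', 'nonce' ); // dies with 403 on failure

    $model = isset( $_POST['model'] ) ? (string) wp_unslash( $_POST['model'] ) : '';
    $func  = isset( $_POST['func'] ) ? (string) wp_unslash( $_POST['func'] ) : '';
    if ( ! isset( EXAMPLE_PUBLIC_DISPATCH[ $model ] )
        || ! in_array( $func, EXAMPLE_PUBLIC_DISPATCH[ $model ], true )
        || ! class_exists( $model ) ) {
        wp_send_json_error( 'unknown action', 400 );
    }
    wp_send_json_success( call_user_func( array( new $model(), $func ), $_POST ) );
}

// The installer gets its own authenticated-only hook (no wp_ajax_nopriv_ twin)
// and requires the capability WordPress itself uses for plugin installation.
add_action( 'wp_ajax_geekybot_install_plugin', 'example_install_plugin' );

function example_install_plugin() {
    check_ajax_referer( 'geekybot_install', 'nonce' );
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $url = isset( $_POST['zip_url'] ) ? esc_url_raw( wp_unslash( $_POST['zip_url'] ) ) : '';
    // Pin the download source: an open URL is still an SSRF and supply-chain hole.
    $allowed_hosts = array( 'downloads.wordpress.org' ); // assumed policy
    if ( 'https' !== wp_parse_url( $url, PHP_URL_SCHEME )
        || ! in_array( wp_parse_url( $url, PHP_URL_HOST ), $allowed_hosts, true ) ) {
        wp_send_json_error( 'untrusted source', 400 );
    }
    $installer = new Example_Installer();
    wp_send_json_success( $installer->install_from_url( array( 'zip_url' => $url ) ) );
}

// Hook exactly one dispatcher on the public route. Define EXAMPLE_HARDENED as
// true in wp-config.php to run the hardened version instead of the vulnerable one.
$example_dispatch = ( defined( 'EXAMPLE_HARDENED' ) && EXAMPLE_HARDENED )
    ? 'example_hardened_dispatch'
    : 'example_vulnerable_dispatch';
add_action( 'wp_ajax_nopriv_geekybot_frontendajax', $example_dispatch );
add_action( 'wp_ajax_geekybot_frontendajax', $example_dispatch );
```

The design point is the split: the nonce stays on the public route because it is a cheap CSRF guard, but the thing that actually keeps an anonymous visitor out of the installer is that the installer is no longer on a nopriv hook at all and additionally checks current_user_can( 'install_plugins' ). Allow-listing the dispatch targets by name, rather than trusting class_exists and method_exists, is what removes the "reach any helper" primitive the advisory describes.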
Affected Systems and Versions
The vulnerability affects the GeekyBot plugin for WordPress in all versions up to and including 1.2.2. The issue was resolved in version 1.2.3. The latest available version at the time of writing is 1.2.4.
Any WordPress installation running GeekyBot versions 1.0 through 1.2.2 with the plugin activated is vulnerable. Because the flaw is in a nopriv AJAX handler, the site does not need to have user registration enabled or any specific configuration; the vulnerable endpoint is exposed by default on any site where the plugin is active.
Vendor Security History
The GeekyBot plugin has had multiple high severity vulnerabilities disclosed in a short timeframe:
| Vulnerability ID | Type | Severity | Patch Status |
|---|---|---|---|
| CVE-2026-5294 | Missing Authorization (RCE) | 9.8 Critical | Patched in 1.2.3 |
| CVE-2026-40772 | Unauthenticated Arbitrary File Upload | 8.8 High | Patched |
| CVE-2025-15266 | Cross Site Scripting | High | Unpatched as of January 2026 |
While the vendor has responded to the most critical disclosures with timely patches, the recurring pattern of severe authorization and file handling issues suggests that organizations should maintain heightened monitoring of this plugin and evaluate whether its functionality justifies the associated risk.
References
- Wordfence Advisory: GeekyBot <= 1.2.2 Missing Authorization to Unauthenticated Arbitrary Plugin Installation
- NVD Entry for CVE-2026-5294
- CVE Record: CVE-2026-5294
- WordPress Plugin Repository Changeset 3497169 for GeekyBot
- GeekyBot WordPress Plugin Page
- Wordfence Vulnerability Database: GeekyBot
- Wordfence Intelligence Weekly WordPress Vulnerability Report, April 20 to April 26, 2026
- SolidWP WordPress Vulnerability Report, January 21, 2026