{"data":{"id":"c8ab2f49-14a8-4eed-8cdf-9f22a39147af","title":"CVE-2026-3456: The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL","summary":"The GeekyBot WordPress plugin (up to version 1.2.0) has a SQL injection vulnerability (a type of attack where hackers insert malicious database commands into user input) in the 'attributekey' parameter. Because the plugin doesn't properly clean user input or secure its database queries, unauthenticated attackers can add extra SQL commands to extract sensitive data from the site's database.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-3456","publishedAt":"2026-05-05T04:16:16.790Z","cveId":"CVE-2026-3456","cweIds":["CWE-89"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GeekyBot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-05T04:16:16.790Z","capecIds":["CAPEC-66"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}