CVE-2026-3456: The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL
Summary
The GeekyBot WordPress plugin (up to version 1.2.0) has a SQL injection vulnerability (a type of attack where hackers insert malicious database commands into user input) in the 'attributekey' parameter. Because the plugin doesn't properly clean user input or secure its database queries, unauthenticated attackers can add extra SQL commands to extract sensitive data from the site's database.
Vulnerability Details
CVSS score: 7.5 (high)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: network
Attack complexity: low
Privileges required: none
User interaction: none
May 5, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-3456
First tracked: May 5, 2026 at 02:08 AM