CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-5294 — The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in ver...

·Source: NIST NVD

Updated:

Executive Summary

The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files into wp-content/plugins/. This makes it possible for unauthenticated attackers to perform arbitrary plug

Analysis

The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files into wp-content/plugins/. This makes it possible for unauthenticated attackers to perform arbitrary plugin installation and achieve remote code execution. CVSS Score: 9.8. Published: 2026-05-05T04:16:19.470.

Indicators of Compromise (1)

CVE (1)
CVE-2026-5294
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 5, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Mastercard shuffles leadership

Mastercard today announced a series of leadership updates that build on the company’s strategy and momentum by sharpening execution and deepening its customer focus in support of its continued growth.

Finextra
MEDIUMVulnerabilityNEW

TCS and Mistral AI Sign Strategic Partnership

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/tcs-mistral-ai-sign-strategic-partnership-image_small-9-a-31835.jpg" align=right hspace=4><b>TCS to Build and Deploy Custom AI Models Using Mistral Forge</b><br>Tata Consultancy Services struck a strategic partnership with Mistral AI, making it the first global systems integrator to deliver Mistral Forge to enterprise clients, the

Bank Info Security
MEDIUMVulnerabilityNEW

HearstLab and Fitch Learning take stake in Founderz to bridge AI literacy gap at banks

Fitch Learning, the global leader in financial services education, and Founderz, Europe’s premier AI business school, today announced a strategic partnership that will provide learners worldwide with innovative, personalized training that combines Fitch’s deep expertise in financial services education with Founderz’s award-winning, multilingual AI learning platform and global community reach.

Finextra