CVE-2026-5294
CVE-2026-5294 : The Geeky Bot plugin for WordPress, affected in versions up to 1.2.2, suffers a Missing Authorization vulnerability via a nopriv AJAX route (geekybot_frontendajax). Attacker-controlled model/function dispatch reaches a plugin installer helper that downloads and unzips attacker-sup...