CVE-2026-3456 · The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the '

01 · The Real Story

This is a public suggestion box wired straight into the database

CVE-2026-3456 is an unauthenticated SQL injection in the WordPress plugin GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content. Per NVD and Wordfence, the bug sits in handling of the attributekey parameter and affects versions up to and including 1.2.0; Patchstack lists 1.2.1 as the first fixed version. The patch diff shows multiple raw SQL concatenations around session and attribute handling, which is exactly the kind of mistake that turns a public AJAX/chat workflow into database reads by strangers on the internet.

The vendor/CNA HIGH 7.5 baseline is broadly fair: this is pre-auth, remote, and against a web-facing WordPress plugin. But real-world risk is narrower than the label implies because the plugin only shows 6,000+ active installs, there is no KEV listing, and the supplied EPSS 0.00084 is very low. So this stays HIGH, but not because the average enterprise has a mass-breach crisis on its hands; it stays high because any site that actually runs this plugin is likely internet-exposed and the exploit path is short.

"Internet-reachable pre-auth SQLi keeps this high, but tiny install base and no exploitation evidence cap it below panic mode."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Fingerprint the plugin

The attacker first confirms the target is a WordPress site running geeky-bot, typically with WPScan or direct requests for plugin assets/readme files. They only need to establish plugin presence and a version at or below 1.2.0 before moving to exploit attempts.

Conditions required:

Target exposes a public WordPress site
Plugin files, asset paths, or behavior are externally fingerprintable
GeekyBot is installed and active

Where this breaks in practice:

Some sites block enumeration of readme.txt and plugin paths
Asset minimization, CDN caching, or custom hardening can hide the exact version
A lot of enterprises do not run this plugin at all

Detection/coverage: Good coverage from WPScan, WordPress asset inventory, and file-based SCA on the host. Network scanners rarely prove the vulnerable code path by themselves.

STEP 02

Reach the vulnerable request path

The attacker sends input into the plugin's public chatbot/session flow until the vulnerable attributekey handling is hit. Public exploit tooling would likely use Burp Suite for request tracing and then automate with sqlmap once the injectable parameter and response pattern are understood.

Conditions required:

The vulnerable chatbot/session endpoint is reachable without authentication
The site's routing, cache, and WAF do not block the request flow
The vulnerable code path is still enabled in production

Where this breaks in practice:

If the chatbot frontend is disabled or not exposed, the bug may be unreachable in practice
Aggressive WAF rules often catch commodity SQLi payloads
Some requests may require valid cookies or a live session sequence

Detection/coverage: WAFs and reverse proxies often log the probing phase. Look for unusual attributekey values, SQL metacharacters, or bursty boolean/time-based requests to WordPress AJAX/chat endpoints.

STEP 03

Prove injection and extract data

Once the request pattern is known, sqlmap or a custom script can test boolean or time-based payloads and then pivot into extracting database content. The disclosed impact emphasizes confidentiality, so the practical first objective is credential material, session artifacts, emails, API secrets, and plugin configuration data.

Conditions required:

Input is still concatenated into SQL on the server
The database account used by WordPress can read the relevant tables
Responses, timing, or side effects are observable enough to exfiltrate data

Where this breaks in practice:

Blind-only extraction is slower and noisier than error-based or UNION-friendly paths
WAF throttling and rate limits can materially slow extraction
Database least privilege can reduce what is recoverable

Detection/coverage: High detection opportunity in web logs and DB telemetry: repetitive requests, conditional payloads, SLEEP()-style timing, and anomalous reads against WordPress user/session tables.

STEP 04

Turn data theft into site compromise

If password hashes, auth cookies, reset tokens, or plugin secrets are recovered, the attacker can chain into administrative takeover using normal WordPress mechanisms rather than the SQLi itself. That chaining is where business impact jumps from 'read data' to 'full site control,' but it depends on what data is actually exposed and whether follow-on controls like MFA are present.

Conditions required:

Useful secrets or credentials are present in readable tables
Admins reuse weak credentials or sessions remain valid
No strong MFA or downstream secret rotation blocks the next hop

Where this breaks in practice:

The disclosed CVSS does not guarantee write access or direct RCE
Modern MFA can break the admin-takeover chain
Password hashing and secret hygiene may limit reuse value

Detection/coverage: EDR will not help much at the SQLi stage; stronger signals are unusual WordPress admin logins, session anomalies, password reset events, and post-exploitation plugin/theme changes.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No authoritative exploitation evidence found in the sources reviewed. Not in CISA KEV as of the current catalog state.
Proof-of-concept availability	No clean public GitHub PoC surfaced in search, but Atomic Edge published a technical diff-based writeup showing the vulnerable SQL concatenation and patch mechanics, which is enough for a competent operator to reproduce.
EPSS	0.00084 (user-supplied), which is very low. FIRST documents EPSS as a 30-day exploitation probability metric; low EPSS is meaningful downward pressure here.
KEV status	Not listed in the CISA KEV catalog. No due date applies because there is no KEV entry.
CVSS vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` — pre-auth and remote, but the published impact is data disclosure only, not direct write/RCE.
Affected versions	<= 1.2.0 according to NVD, Wordfence, and Patchstack.
Fixed version	1.2.1 per Patchstack and the WordPress plugin changelog's security update sequence. No distro backport story applies; this is a WordPress plugin update problem.
Exposure footprint	WordPress.org lists 6,000+ active installations. That is internet-facing software, but still a comparatively small population versus mass-market plugins.
Disclosure timeline	Wordfence lists publication on 2026-05-04; NVD publication is 2026-05-05. Use the absolute dates — this is a very fresh vulnerability.
Researcher / source CNA	Research credited to Nguyen Ngoc Duc (duc193). CVE source/CNA shown by NVD is Wordfence.

04 · The Call

noisgate verdict.

Final Verdict

= UNCHANGED to HIGH (7.1/10)

The decisive factor is pre-auth remote reachability on a public WordPress workflow: if you run this plugin, the attacker does not need prior access, credentials, or user clicks. It does not go higher because the exposed population is small, the published impact is read-focused rather than direct code execution, and there is no KEV or confirmed active exploitation to justify emergency-bucket treatment.

HIGH Affected version range and fixed version

MEDIUM Exploit path details beyond the public advisories

MEDIUM Reassessed severity versus vendor baseline

Why this verdict

No attacker foothold required: unauthenticated remote SQLi means this is not post-initial-access and does not depend on phishing, VPN access, or stolen creds.
Reachable population is small: WordPress.org shows only 6,000+ active installs, so the internet-wide blast radius is much smaller than the average WordPress SQLi headline.
Threat signals are weak so far: no KEV and a very low EPSS (0.00084) are meaningful downward adjustments from the raw CVSS 7.5 baseline.
Impact is serious but not maximal: the published vector is confidentiality-only; data theft can absolutely lead to takeover, but that requires a second step and is not guaranteed by the bug itself.
Commodity defenses help: WAF rules, managed WordPress firewalls, and request filtering often disrupt common SQLi payloads, especially during mass scanning.

Why not higher?

This is not a KEV-listed bug, there is no authoritative sign of active exploitation in the reviewed sources, and the install base is modest. More importantly, the disclosed impact does not include direct unauthenticated code execution or database writes, so it lacks the instant-destruction profile that pushes plugin flaws into CRITICAL.

Why not lower?

Dropping this to MEDIUM would understate the lack of prerequisites. An internet attacker can hit a public WordPress workflow without auth, and successful SQLi against a CMS database can expose credentials, session material, and secrets that turn into full site compromise fast enough to matter.

05 · Compensating Control

What to do — in priority order.

Restrict public access to the chatbot path — If you cannot patch immediately, put the GeekyBot-facing routes behind IP allowlists, maintenance mode, or temporary disablement where business permits. For a HIGH finding, deploy this compensating control within 30 days if patch rollout is delayed, but sooner on any internet-facing site.
Enable or tighten WAF SQLi rules — Turn on managed SQL injection protections at the CDN, reverse proxy, or host firewall layer and verify WordPress-specific exceptions are not bypassing the chatbot flow. For a HIGH finding, tune and deploy these protections within 30 days.
Monitor WordPress and DB logs for extraction patterns — Hunt for repeated requests with SQL metacharacters, boolean/time-based probes, and suspicious bursts against WordPress AJAX/chat endpoints. Stand up alerting within 30 days so you have detection coverage while remediation proceeds.
Rotate sensitive secrets if compromise is suspected — If logs suggest probing or successful extraction, rotate WordPress admin passwords, session cookies, API keys, and any database credentials stored alongside the app. Do this immediately on suspected compromise, not on the normal patch cadence.

What doesn't work

EDR on the web server does little at the initial exploitation stage because the attack is happening inside normal PHP/MySQL request handling.
MFA alone does not stop the data-extraction phase; it only helps if the attacker tries to turn stolen data into admin access later.
Hiding the plugin version is not a fix. It may slow cheap scanners, but it does not remove the vulnerable code path.

06 · Verification

Crowdsourced verification payload.

Run this on the target WordPress host or inside the web container, not from an auditor workstation. Invoke it as bash verify-geekybot-cve-2026-3456.sh /var/www/html/wp-content/plugins/geeky-bot; it needs only read access to the plugin directory and will report VULNERABLE, PATCHED, or UNKNOWN based on the installed version.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# verify-geekybot-cve-2026-3456.sh
# Check whether installed GeekyBot plugin version is affected by CVE-2026-3456.
# Exit codes:
#   0 = PATCHED
#   1 = VULNERABLE
#   2 = UNKNOWN / unable to determine

set -u

TARGET_DIR="${1:-}"
FIXED_VERSION="1.2.1"
VULN_MAX="1.2.0"

if [[ -z "$TARGET_DIR" ]]; then
  echo "UNKNOWN - usage: $0 /path/to/wp-content/plugins/geeky-bot"
  exit 2
fi

if [[ ! -d "$TARGET_DIR" ]]; then
  echo "UNKNOWN - directory not found: $TARGET_DIR"
  exit 2
fi

version=""

# 1) Prefer readme.txt stable tag
if [[ -f "$TARGET_DIR/readme.txt" ]]; then
  version=$(grep -iE '^Stable tag:[[:space:]]*' "$TARGET_DIR/readme.txt" | head -n1 | sed -E 's/^Stable tag:[[:space:]]*//I' | tr -d '\r')
fi

# 2) Fall back to plugin header Version: in PHP files
if [[ -z "$version" ]]; then
  while IFS= read -r -d '' phpfile; do
    candidate=$(grep -iE '^\s*Version:[[:space:]]*' "$phpfile" | head -n1 | sed -E 's/^\s*Version:[[:space:]]*//I' | tr -d '\r')
    if [[ -n "$candidate" ]]; then
      version="$candidate"
      break
    fi
  done < <(find "$TARGET_DIR" -maxdepth 2 -type f -name '*.php' -print0 2>/dev/null)
fi

# 3) Normalize
version=$(echo "$version" | sed -E 's/^[[:space:]]+|[[:space:]]+$//g')

if [[ -z "$version" ]]; then
  echo "UNKNOWN - could not determine installed GeekyBot version"
  exit 2
fi

# version_le a b => true if a <= b
version_le() {
  local a="$1" b="$2"
  local first
  first=$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n1)
  [[ "$first" == "$a" ]]
}

if version_le "$version" "$VULN_MAX"; then
  echo "VULNERABLE - GeekyBot version $version is <= $VULN_MAX (fixed in $FIXED_VERSION)"
  exit 1
fi

if version_le "$FIXED_VERSION" "$version"; then
  echo "PATCHED - GeekyBot version $version is >= $FIXED_VERSION"
  exit 0
fi

# Defensive fallback for odd version strings
if [[ "$version" == "$FIXED_VERSION" ]]; then
  echo "PATCHED - GeekyBot version $version"
  exit 0
fi

echo "UNKNOWN - parsed version '$version' but comparison was inconclusive"
exit 2

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning: identify every WordPress estate that actually runs geeky-bot, confirm whether it is internet-exposed, and verify versions with host-based inventory rather than banner guessing. Because this is HIGH, the noisgate mitigation SLA is ≤30 days for compensating controls such as temporary route restriction or WAF enforcement, and the noisgate remediation SLA is ≤180 days to get to 1.2.1 or later; there is no KEV or active exploitation override, so this is urgent web hygiene, not an hours-level fire drill.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.