WordPress Plugin Vulnerabilities

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content < 1.2.3 - Unauthenticated Arbitrary File Upload

Description

The GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
geeky-bot
Fixed in 1.2.3

References

CVE
CVE-2026-40772
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/93495395-42cc-4787-be95-4691ff77d01b

Miscellaneous

Original Researcher
Nguyen Ba Khanh
Verified
No
WPVDB ID
9fcad32e-2e8e-4023-a4aa-441bb34a7a40

Timeline

Publicly Published
2026-04-21 (about 1 month ago)
Added
2026-04-30 (about 25 days ago)
Last Updated
2026-04-30 (about 25 days ago)

Other

Published
Title
Published
2025-04-14
Title
JS Job Manager <= 2.0.2 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
WP Marketplace 1.1.0 - Shell Upload
Published
2022-10-17
Title
Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload
Published
2024-11-08
Title
Computer Repair Shop < 3.8116 - Unauthenticated Arbitrary File Upload
Published
2020-09-01
Title
File Manager 6.0-6.9 - Unauthenticated Arbitrary File Upload leading to RCE