NVD CRITICAL: CVE-2026-5294 — The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in ver...

Tuesday, May 5, 2026 at 04:16 AM UTC·Source: NIST NVD

Updated: Tuesday, May 5, 2026 at 05:00 AM UTC

Executive Summary

The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files into wp-content/plugins/. This makes it possible for unauthenticated attackers to perform arbitrary plug

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-5294

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 5, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Franklin Templeton and MoonPay bid to expand institutional access to tokenised funds

Franklin Templeton and MoonPay today announced a strategic partnership to make tokenized financial products more accessible and usable across the onchain financial ecosystem.

Just nowFinextra

MEDIUMVulnerabilityNEW

Investing app Plynk revamps app

Plynk, the award-winning investing app designed to uncomplicate the investing experience and empower users with confidence-boosting tools, announced its app upgrade and rebrand alongside the launch of the dividend match, a first-of its-kind offer.

Just nowFinextra

MEDIUMVulnerabilityNEW

DNB Bank expands partnership with Infosys for AI-driven financial crime operations

Infosys (NSE, BSE, NYSE: INFY), a global leader in AI-first business consulting and technology services, today announced the expansion of its strategic collaboration with DNB Bank ASA (DNB), Norway’s largest bank, to modernize its Financial Crime (FinCrime) operations using NICE Actimize X-Sight Enterprise platform.

Just nowFinextra