CVE-2026-40772: WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
Metrics
- CVSS v3.1
- 10.0
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
An arbitrary file upload vulnerability exists in the GeekyBot WordPress plugin (versions 1.2.2 and below). The flaw is reachable over the network with no authentication required and no user interaction needed, making it trivially exploitable from the open internet. Successful exploitation allows an attacker to upload and execute arbitrary files on the server, enabling full remote code execution, data theft, and complete compromise of the affected host. No fix has been published; HarborGuard tracks the advisory and will make a patched rebuild available the moment an upstream fix is released.
HarborGuard Coverage
Detection for CVE-2026-40772 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle the GeekyBot plugin. Any image containing GeekyBot at version 1.2.2 or below will surface in scan results automatically.
AvailableHarborGuard scores this CVE at its published CVSS v3.1 rating of 10.0 (Critical) and weights findings against each customer environment's compliance policy to determine urgency and routing. Triage findings are surfaced to the appropriate team inbox within each customer organization based on policy-defined ownership rules.
AvailableBecause no upstream fix version has been published for CVE-2026-40772, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered without manual intervention once an upstream patch exists.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable plugin endpoint is exposed over the network, meaning an attacker can reach it from the open internet without needing any prior foothold on the host.
- AuthenticationNot required
No account or credentials of any kind are needed; the file upload endpoint accepts requests from unauthenticated users.
- Victim interactionNot required
The attack is fully automated and requires no action from any user or administrator on the target site.
- Attack complexityDetail
Exploitation is reliable and condition-free: no race conditions, memory layout dependencies, or other environmental factors stand between the attacker and a successful upload.
Blast Radius
- Attacker uploads a web shell or malicious PHP file and achieves remote code execution on the underlying server.
- Attacker reads sensitive files from the server, including WordPress configuration files containing database credentials.
- Attacker modifies or deletes site content, database records, and application files.
- Attacker pivots from the compromised host to other services or networks accessible from the server, given the CVSS Scope:Changed rating indicating impact beyond the vulnerable component.
How HarborGuard Handles This
Available on HarborGuard: images containing GeekyBot at version 1.2.2 or below are flagged as Critical the moment the CVE is ingested, with no manual scan trigger required. Because no upstream fix exists at this time, HarborGuard monitors the advisory on every ingest cycle and will initiate a patched-image rebuild automatically when a fix version is published; for customers with auto-remediation enabled, that rebuild is followed by a regression test run and a PR opened against affected workloads. In the interim, recommended compensating controls include network-policy isolation to restrict inbound access to the WordPress file upload surface, egress filtering to limit outbound connections from the container, and disabling or removing the GeekyBot plugin entirely where its functionality is not essential.
- Ahmad / GeekyBot≤ 1.2.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H