CVE-2026-57679: WordPress GeekyBot plugin <= 1.2.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.
Metrics
- CVSS v3.1: 9.3
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A SQL injection vulnerability affects the GeekyBot WordPress plugin at version 1.2.5 and below. The flaw is reachable over the network with no authentication required and no user interaction needed, making it trivially exploitable by any remote attacker. Successful exploitation gives an attacker direct read access to the WordPress database and limited ability to disrupt the service. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.
HarborGuard Coverage
- Detection: Available. Detection of CVE-2026-57679 is available across every HarborGuard environment. The CVE is ingested from upstream feeds, including Patchstack, within minutes of publication and matched against all customer images, including custom-built images that bundle the GeekyBot plugin.
- Triage: Available. Triage is available with the full CVSS v3.1 score of 9.3 (Critical) applied automatically to each matched finding. Per-environment compliance policy weighting can escalate or suppress the finding to the appropriate team inbox within each customer organization.
- Fix: Pending upstream. No fix version has been published by the upstream maintainer as of the CVE publication date. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. Customers with auto-remediation enabled will receive a rebuild, regression-test run, and a PR opened against affected workloads automatically at that point.
Exploit Conditions
- Network reachability: Required. The vulnerable endpoint is exposed over the network, so an attacker must be able to send HTTP requests to the WordPress installation.
- Authentication: Not required. No account or session credential of any kind is needed to reach the vulnerable code path.
- Victim interaction: Not required. The attack is fully server-side; no user action such as clicking a link or loading a page is required.
- Attack complexity: Low (AC:L). Exploitation is reliable and condition-free, requiring no race conditions, special memory layout, or environmental setup.
Blast Radius
- An attacker reads arbitrary rows from the WordPress database, including password hashes, user email addresses, stored session tokens, and any plugin or theme data.
- Because the scope token is Changed (S:C), data accessible to the database user beyond the WordPress application itself, such as other schemas on the same MySQL instance, may also be exposed.
- An attacker can cause limited availability disruption, such as degraded query performance or partial service interruption, through resource-intensive injection payloads.
How HarborGuard Handles This
Available on HarborGuard: because no upstream fix exists yet, HarborGuard continuously monitors the advisory and re-evaluates affected images on every ingest cycle. In the meantime, compensating controls can be applied at the container or cluster level, including network-policy rules that restrict inbound HTTP access to WordPress to known sources, egress filtering on the database container to block unexpected outbound connections, and disabling or removing the GeekyBot plugin as a feature-flag or image-build change until a patch is available. For customers with auto-remediation enabled, the moment the upstream maintainer publishes a patched version, HarborGuard will automatically trigger a patched-image rebuild, run regression tests, and open a PR against affected workloads. Given the Critical severity rating of 9.3, this CVE is prioritized for fastest-possible turnaround in that flow.
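The network-level compensating controls described above, as an added example that is not HarborGuard's own configuration: two Kubernetes NetworkPolicy objects that restrict inbound HTTP to the WordPress pods to a single known source and deny all unexpected outbound traffic from the database container. The namespace `wordpress`, the pod labels `app: wordpress` and `app: mysql`, the ingress controller namespace `ingress-nginx`, and the MySQL port 3306 are assumptions, not values from the advisory.

```yaml
# Added example: compensating NetworkPolicy objects for an unpatched GeekyBot install.
# Assumptions (not from the advisory): namespace "wordpress", pod labels
# app=wordpress and app=mysql, an ingress controller running in namespace
# "ingress-nginx", cluster DNS in kube-system labelled k8s-app=kube-dns,
# and MySQL listening on TCP 3306.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: wordpress-ingress-known-sources
  namespace: wordpress
spec:
  podSelector:
    matchLabels:
      app: wordpress
  policyTypes:
    - Ingress
  ingress:
    # Only the ingress controller may reach WordPress over HTTP; direct
    # pod-to-pod HTTP from anywhere else in the cluster is dropped.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 80
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mysql-lockdown
  namespace: wordpress
spec:
  podSelector:
    matchLabels:
      app: mysql
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only WordPress pods may open connections to the database.
    - from:
        - podSelector:
            matchLabels:
              app: wordpress
      ports:
        - protocol: TCP
          port: 3306
  egress:
    # The database has no legitimate outbound traffic beyond cluster DNS;
    # any other outbound connection from the database container is blocked.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
```

Apply with `kubectl apply -f` on a cluster whose CNI enforces NetworkPolicy (a cluster without such a CNI accepts the objects but does not enforce them, so verify enforcement with a test pod before relying on it). These policies narrow who can reach the vulnerable endpoint and limit where data can go from the database; they do not remove the injection itself, which stays reachable from the allowed ingress path until the plugin is disabled or an upstream fix is installed.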
Affected Products
- Ahmadgb / GeekyBot: ≤ 1.2.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L