PT-2026-2822 · WordPress · Geekybot — Generate Ai Content Without Prompt

D.Sim

Published

2026-01-14

Updated

2026-01-19

CVE-2025-15266

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress versions through 1.1.7

Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the chat message field. This allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when an administrator accesses the Chat History page.

Recommendations Update GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress to a version later than 1.1.7.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-15266

Affected Products

Geekybot — Generate Ai Content Without Prompt

PT-2026-2822 · WordPress · Geekybot — Generate Ai Content Without Prompt

CVE-2025-15266

Weakness Enumeration

Related Identifiers

Affected Products

References · 8