PatchSiren cyber security CVE debrief
CVE-2026-39519 Ahmad CVE debrief
CVE-2026-39519 is a critical unauthenticated SQL injection vulnerability in the GeekyBot plugin versions <= 1.2.0. The vulnerability has a CVSS score of 9.3 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-39519). The CVE record can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-39519).
- Vendor
- Ahmad
- Product
- GeekyBot
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of the GeekyBot plugin versions <= 1.2.0 should be aware of this critical vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability is caused by an unauthenticated SQL injection weakness in the GeekyBot plugin. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L.
Defensive priority
high
Recommended defensive actions
- Update the GeekyBot plugin to a version greater than 1.2.0.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/geeky-bot/vulnerability/wordpress-geekybot-plugin-1-2-0-sql-injection-vulnerability?_s_id=cve) for mitigation or vendor reference.
Evidence notes
The vulnerability was reported by [email protected] and has a CWE-89 weakness.
Official resources
-
CVE-2026-39519 CVE record
CVE.org
-
CVE-2026-39519 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-39519 was published on 2026-06-15T21:16:46.460Z and modified on 2026-06-15T21:24:32.790Z.