GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content Security & Risk Analysis

wordpress.org/plugins/geeky-bot

Transform your WordPress website into an AI powerhouse. GeekyBot is the ultimate all-in-one AI plugin that brings intelligent chatbots, WooCommerce le …

6K active installs · v1.2.4 · PHP + · WP 5.0+ · Updated Apr 10, 2026
Tags: ai, chatbot, copilot, openai, woocommerce
Score: 87 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: May 4, 2026
Safety Verdict

Is GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content Safe to Use in 2026?

Generally Safe

Score 87/100

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: May 4, 2026 · Updated 1mo ago
Risk Assessment

The "geeky-bot" plugin exhibits a mixed security posture. It demonstrates good practices in SQL query preparation and output escaping (84% and 99% respectively), but its attack surface raises significant concerns. A total of 13 AJAX handlers were identified, all of which lack authentication checks, giving attackers a substantial entry point to the plugin's functionality without proper authorization. The taint analysis compounds this: it reveals 4 flows with unsanitized paths, including 2 of high severity, indicating potential risks in how user-supplied data is handled, especially in combination with the unprotected AJAX endpoints.

The plugin's vulnerability history shows a single high-severity CVE related to Cross-site Scripting, although it is currently marked as unpatched. The fact that the last vulnerability was in the future (2026-01-13) is likely an error in the provided data, but the presence of a past high-severity XSS vulnerability, especially when coupled with the taint analysis findings, suggests that improper handling of input could lead to such issues. While the plugin shows strengths in some areas, the large number of unprotected AJAX endpoints and the identified unsanitized data flows are critical weaknesses that require immediate attention to mitigate potential security risks.

Key Concerns

  • 13 AJAX handlers without auth checks
  • 2 High severity taint flows with unsanitized paths
  • 1 High severity unpatched CVE
  • 4 Flows with unsanitized paths
Vulnerabilities
5 published

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content Security Vulnerabilities

CVEs by Year

2026: 5 CVEs

Severity Breakdown

Critical: 1
High: 4

5 total CVEs

CVE-2026-5294 · critical · 9.8 · Missing Authorization

GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action

May 4, 2026 · Patched in 1.2.3 (1d)

CVE-2026-3456 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey'

May 4, 2026 · Patched in 1.2.1 (1d)

CVE-2026-40772 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content <= 1.2.2 - Unauthenticated Arbitrary File Upload

Apr 21, 2026 · Patched in 1.2.3 (10d)

CVE-2026-39519 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content <= 1.2.0 - Unauthenticated SQL Injection

Apr 8, 2026 · Patched in 1.2.1 (6d)

CVE-2025-15266 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting

Jan 13, 2026 · Patched in 1.1.9 (10d)

Version History

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content Release Timeline

Code Analysis
Analyzed Mar 16, 2026

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 25 (132 prepared)
Unescaped Output: 37 (4870 escaped)
Nonce Checks: 105
Capability Checks: 70
File Operations: 18
External Requests: 30
Bundled Libraries: 2

Bundled Libraries

Select2, jQuery

SQL Query Safety

84% prepared · 157 total queries

Output Escaping

99% escaped · 4907 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
GEEKYBOT_checkTriggers (includes\addon-updater\geekybotupdater.php:261)
Attack Surface
13 unprotected

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content Attack Surface

Entry Points: 13
Unprotected: 13

AJAX Handlers 13

auth · wp_ajax_geekybot_ajax · includes\ajax.php:9
nopriv · wp_ajax_geekybot_ajax · includes\ajax.php:10
auth · wp_ajax_geekybot_frontendajax · includes\frontendajax.php:10
nopriv · wp_ajax_geekybot_frontendajax · includes\frontendajax.php:11
auth · wp_ajax_resetPassword · modules\systemaction\model.php:11
auth · wp_ajax_SendChatToAdmin · modules\systemaction\model.php:12
auth · wp_ajax_showAllProducts · modules\woocommerce\model.php:13
auth · wp_ajax_searchProduct · modules\woocommerce\model.php:14
auth · wp_ajax_getProductsUnderPrice · modules\woocommerce\model.php:15
auth · wp_ajax_getProductsAbovePrice · modules\woocommerce\model.php:16
auth · wp_ajax_getProductsBetweenPrice · modules\woocommerce\model.php:17
auth · wp_ajax_viewCart · modules\woocommerce\model.php:18
auth · wp_ajax_checkOut · modules\woocommerce\model.php:19

WordPress Hooks 70

action · save_post_product · geeky-bot.php:66
action · geekyboot_load_wp_pcl_zip · geeky-bot.php:67
action · geekyboot_load_wp_file · geeky-bot.php:68
action · geekyboot_load_wp_plugin_file · geeky-bot.php:69
action · geekyboot_load_wp_admin_file · geeky-bot.php:70
action · geekyboot_load_phpass · geeky-bot.php:71
action · admin_notices · geeky-bot.php:78
action · admin_notices · geeky-bot.php:82
action · wp_insert_site · geeky-bot.php:120
action · wpmu_new_blog · geeky-bot.php:122
action · geekybot_data_check · geeky-bot.php:124
filter · wpmu_drop_tables · geeky-bot.php:125
filter · wp_chatbot_story_intent_function_notification · geeky-bot.php:126
action · plugins_loaded · geeky-bot.php:127
action · admin_init · geeky-bot.php:128
action · wp_footer · geeky-bot.php:129
action · reset_geekybot_aadon_query · geeky-bot.php:130
action · geekybot_unique_check · geeky-bot.php:132
action · admin_init · geeky-bot.php:133
action · admin_init · geeky-bot.php:134
action · init · geeky-bot.php:135
action · geekybot_delete_expire_session_data · geeky-bot.php:136
filter · safe_style_css · geeky-bot.php:137
action · geekyboot_load_wp_pcl_zip · geeky-bot.php:148
action · geekyboot_load_wp_file · geeky-bot.php:149
action · geekyboot_load_wp_plugin_file · geeky-bot.php:150
action · geekyboot_load_wp_admin_file · geeky-bot.php:151
action · geekyboot_load_phpass · geeky-bot.php:152
action · upgrader_process_complete · geeky-bot.php:153
action · activated_plugin · geeky-bot.php:154
action · deactivated_plugin · geeky-bot.php:155
action · wp_loaded · geeky-bot.php:156
action · admin_notices · geeky-bot.php:158
action · admin_footer · geeky-bot.php:159
action · admin_notices · geeky-bot.php:167
action · admin_footer · geeky-bot.php:168
action · wp_insert_post · geeky-bot.php:176
action · wp_insert_post · geeky-bot.php:181
action · wp_insert_post · geeky-bot.php:183
action · geekybot_cron_sync_assistant_data · geeky-bot.php:185
action · admin_notices · geeky-bot.php:199
filter · upload_mimes · geeky-bot.php:202
action · init · geeky-bot.php:1274
action · geekybot_addon_update_date_failed · geeky-bot.php:1287
action · wp_enqueue_scripts · geeky-bot.php:1306
action · admin_enqueue_scripts · geeky-bot.php:1315
action · wp_head · geeky-bot.php:1324
action · admin_enqueue_scripts · geeky-bot.php:1335
filter · style_loader_tag · geeky-bot.php:1336
filter · script_loader_tag · geeky-bot.php:1337
action · add_meta_boxes · geeky-bot.php:1355
action · enqueue_block_editor_assets · geeky-bot.php:1356
action · media_buttons · geeky-bot.php:1359
action · admin_footer · geeky-bot.php:1360
action · admin_enqueue_scripts · geeky-bot.php:1361
action · admin_init · includes\addon-updater\geekybotupdater.php:32
filter · plugins_api · includes\addon-updater\geekybotupdater.php:39
action · admin_notices · includes\addon-updater\geekybotupdater.php:43
action · after_plugin_row · includes\addon-updater\geekybotupdater.php:44
action · wp_dashboard_setup · includes\dashboardapi.php:16
action · init · includes\formhandler.php:9
action · init · includes\formhandler.php:10
filter · authenticate · includes\geekybot-hooks.php:7
action · admin_head · includes\geekybot-hooks.php:27
action · admin_menu · includes\geekybotadmin.php:9
filter · upload_dir · modules\stories\model.php:2851
filter · upload_dir · modules\themes\model.php:40
filter · upload_dir · modules\themes\model.php:78
filter · upload_dir · modules\themes\model.php:109
filter · http_request_args · modules\zywrap\model.php:877

Scheduled Events 4

geekybot_delete_expire_session_data
geekybot_unique_check
geekybot_data_check
geekybot_cron_sync_assistant_data
Maintenance & Trust

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 10, 2026
PHP min version
Downloads: 154K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 6K
Developer Profile

GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content Developer Profile

ahmadgb

1 plugin · 6K total installs

Trust score: 91
Avg Security Score: 87/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/geeky-bot/includes/js/geekybot.js
/wp-content/plugins/geeky-bot/includes/css/geekybot.css
/wp-content/plugins/geeky-bot/includes/css/geekybot_styles.css
/wp-content/plugins/geeky-bot/includes/css/geekybot_chat.css
Script Paths
/wp-content/plugins/geeky-bot/includes/js/geekybot.js
Version Parameters
geeky-bot/includes/js/geekybot.js?ver=
geeky-bot/includes/css/geekybot.css?ver=
geeky-bot/includes/css/geekybot_styles.css?ver=
geeky-bot/includes/css/geekybot_chat.css?ver=

HTML / DOM Fingerprints

CSS Classes
geekybot-chat-widget
HTML Comments
<!-- Geeky Bot -->
<!-- BEGIN GeekyBot Chat Widget -->
Data Attributes
data-geekybot-settings
JS Globals
window.geekybot_ajax_url
window.geekybot_settings
window.geekybot_initial_message
REST Endpoints
/wp-json/geekybot/v1/chat
/wp-json/geekybot/v1/search
FAQ

Frequently Asked Questions about GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content