WP-Safety

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation Security & Risk Analysis

wordpress.org/plugins/geeky-bot

Generate AI content without prompt, AI chatbot, WooCommerce lead generation, intelligent web search, and interactive customer engagement on your WordP …

5K active installs v1.2.2 PHP + WP 5.0+ Updated Mar 9, 2026
aichatbotgptlead-generationopenai
97
A · Safe
CVEs total1
Unpatched0
Last CVEJan 13, 2026
Plugin page Download
Safety Verdict

Is GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation Safe to Use in 2026?

Generally Safe

Score 97/100

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 13, 2026Updated 25d ago
Risk Assessment

The "geeky-bot" plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation and output escaping, with 84% and 99% respectively, significant concerns arise from its attack surface. A total of 13 AJAX handlers were identified, all of which lack authentication checks. This creates a substantial entry point for attackers to potentially exploit the plugin's functionalities without proper authorization. The taint analysis further exacerbates this, revealing 4 flows with unsanitized paths, including 2 of high severity, indicating potential risks related to how user-supplied data is handled, especially in conjunction with the unprotected AJAX endpoints.

The plugin's vulnerability history shows a single high-severity CVE related to Cross-site Scripting, although it is currently marked as unpatched. The fact that the last vulnerability was in the future (2026-01-13) is likely an error in the provided data, but the presence of a past high-severity XSS vulnerability, especially when coupled with the taint analysis findings, suggests that improper handling of input could lead to such issues. While the plugin shows strengths in some areas, the large number of unprotected AJAX endpoints and the identified unsanitized data flows are critical weaknesses that require immediate attention to mitigate potential security risks.

Key Concerns

  • 13 AJAX handlers without auth checks
  • 2 High severity taint flows with unsanitized paths
  • 1 High severity unpatched CVE
  • 4 Flows with unsanitized paths
Vulnerabilities
1

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2025-15266high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting

Jan 13, 2026 Patched in 1.1.9 (10d)
Code Analysis
Analyzed Mar 16, 2026

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation Code Analysis

Dangerous Functions
0
Raw SQL Queries
25
132 prepared
Unescaped Output
37
4870 escaped
Nonce Checks
105
Capability Checks
70
File Operations
18
External Requests
30
Bundled Libraries
2

Bundled Libraries

Select2jQuery

SQL Query Safety

84% prepared157 total queries

Output Escaping

99% escaped4907 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

6 flows4 with unsanitized paths
GEEKYBOT_checkTriggers (includes\addon-updater\geekybotupdater.php:261)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
13 unprotected

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation Attack Surface

Entry Points13
Unprotected13

AJAX Handlers 13

authwp_ajax_geekybot_ajaxincludes\ajax.php:9
noprivwp_ajax_geekybot_ajaxincludes\ajax.php:10
authwp_ajax_geekybot_frontendajaxincludes\frontendajax.php:10
noprivwp_ajax_geekybot_frontendajaxincludes\frontendajax.php:11
authwp_ajax_resetPasswordmodules\systemaction\model.php:11
authwp_ajax_SendChatToAdminmodules\systemaction\model.php:12
authwp_ajax_showAllProductsmodules\woocommerce\model.php:13
authwp_ajax_searchProductmodules\woocommerce\model.php:14
authwp_ajax_getProductsUnderPricemodules\woocommerce\model.php:15
authwp_ajax_getProductsAbovePricemodules\woocommerce\model.php:16
authwp_ajax_getProductsBetweenPricemodules\woocommerce\model.php:17
authwp_ajax_viewCartmodules\woocommerce\model.php:18
authwp_ajax_checkOutmodules\woocommerce\model.php:19
WordPress Hooks 70
actionsave_post_productgeeky-bot.php:66
actiongeekyboot_load_wp_pcl_zipgeeky-bot.php:67
actiongeekyboot_load_wp_filegeeky-bot.php:68
actiongeekyboot_load_wp_plugin_filegeeky-bot.php:69
actiongeekyboot_load_wp_admin_filegeeky-bot.php:70
actiongeekyboot_load_phpassgeeky-bot.php:71
actionadmin_noticesgeeky-bot.php:78
actionadmin_noticesgeeky-bot.php:82
actionwp_insert_sitegeeky-bot.php:120
actionwpmu_new_bloggeeky-bot.php:122
actiongeekybot_data_checkgeeky-bot.php:124
filterwpmu_drop_tablesgeeky-bot.php:125
filterwp_chatbot_story_intent_function_notificationgeeky-bot.php:126
actionplugins_loadedgeeky-bot.php:127
actionadmin_initgeeky-bot.php:128
actionwp_footergeeky-bot.php:129
actionreset_geekybot_aadon_querygeeky-bot.php:130
actiongeekybot_unique_checkgeeky-bot.php:132
actionadmin_initgeeky-bot.php:133
actionadmin_initgeeky-bot.php:134
actioninitgeeky-bot.php:135
actiongeekybot_delete_expire_session_datageeky-bot.php:136
filtersafe_style_cssgeeky-bot.php:137
actiongeekyboot_load_wp_pcl_zipgeeky-bot.php:148
actiongeekyboot_load_wp_filegeeky-bot.php:149
actiongeekyboot_load_wp_plugin_filegeeky-bot.php:150
actiongeekyboot_load_wp_admin_filegeeky-bot.php:151
actiongeekyboot_load_phpassgeeky-bot.php:152
actionupgrader_process_completegeeky-bot.php:153
actionactivated_plugingeeky-bot.php:154
actiondeactivated_plugingeeky-bot.php:155
actionwp_loadedgeeky-bot.php:156
actionadmin_noticesgeeky-bot.php:158
actionadmin_footergeeky-bot.php:159
actionadmin_noticesgeeky-bot.php:167
actionadmin_footergeeky-bot.php:168
actionwp_insert_postgeeky-bot.php:176
actionwp_insert_postgeeky-bot.php:181
actionwp_insert_postgeeky-bot.php:183
actiongeekybot_cron_sync_assistant_datageeky-bot.php:185
actionadmin_noticesgeeky-bot.php:199
filterupload_mimesgeeky-bot.php:202
actioninitgeeky-bot.php:1274
actiongeekybot_addon_update_date_failedgeeky-bot.php:1287
actionwp_enqueue_scriptsgeeky-bot.php:1306
actionadmin_enqueue_scriptsgeeky-bot.php:1315
actionwp_headgeeky-bot.php:1324
actionadmin_enqueue_scriptsgeeky-bot.php:1335
filterstyle_loader_taggeeky-bot.php:1336
filterscript_loader_taggeeky-bot.php:1337
actionadd_meta_boxesgeeky-bot.php:1355
actionenqueue_block_editor_assetsgeeky-bot.php:1356
actionmedia_buttonsgeeky-bot.php:1359
actionadmin_footergeeky-bot.php:1360
actionadmin_enqueue_scriptsgeeky-bot.php:1361
actionadmin_initincludes\addon-updater\geekybotupdater.php:32
filterplugins_apiincludes\addon-updater\geekybotupdater.php:39
actionadmin_noticesincludes\addon-updater\geekybotupdater.php:43
actionafter_plugin_rowincludes\addon-updater\geekybotupdater.php:44
actionwp_dashboard_setupincludes\dashboardapi.php:16
actioninitincludes\formhandler.php:9
actioninitincludes\formhandler.php:10
filterauthenticateincludes\geekybot-hooks.php:7
actionadmin_headincludes\geekybot-hooks.php:27
actionadmin_menuincludes\geekybotadmin.php:9
filterupload_dirmodules\stories\model.php:2851
filterupload_dirmodules\themes\model.php:40
filterupload_dirmodules\themes\model.php:78
filterupload_dirmodules\themes\model.php:109
filterhttp_request_argsmodules\zywrap\model.php:877

Scheduled Events 4

geekybot_delete_expire_session_data
geekybot_unique_check
geekybot_data_check
geekybot_cron_sync_assistant_data
Maintenance & Trust

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version
Downloads138K

Community Trust

Rating100/100
Number of ratings4
Active installs5K
Alternatives

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation Alternatives

AI Engine – The Chatbot, AI Framework & MCP for WordPress

AI Engine – The Chatbot, AI Framework & MCP for WordPress

ai-engine

B
76

AI meets WordPress. Your site can now chat, write poetry, solve problems, and maybe make you coffee.

100K 22 CVEs
AI Puffer – Your AI engine for WordPress (formerly AI Power)

AI Puffer – Your AI engine for WordPress (formerly AI Power)

gpt3-ai-content-generator

A
86

Your AI engine for WordPress. Chat, write, automate, and generate — all in one workspace.

10K 10 CVEs
AI Copilot – ChatGPT Chatbot & AI Engine for Post Automation

AI Copilot – ChatGPT Chatbot & AI Engine for Post Automation

ai-copilot

B
78

Boost productivity with ChatGPT AI Engine: automate content creation, enhance Gutenberg editing, and deploy AI chatbots for smarter, faster workflows.

1K 1 unpatched
AI ChatBot with ChatGPT and Content Generator by AYS

AI ChatBot with ChatGPT and Content Generator by AYS

ays-chatgpt-assistant

A
92

AI Writing Assistant, Chatbot, and virtual support all-in-one! Answer customer queries and generate content easily. Works with ChatGPT and Gemini.

500 6 CVEs
AI Chatbot Builder – Create Interactive Chatbots using OpenAI API

AI Chatbot Builder – Create Interactive Chatbots using OpenAI API

ai-chatbot-builder

A
100

Integrate the OpenAI API to build customizable chatbots directly within WordPress.

300 No CVEs
Developer Profile

GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation Developer Profile

ahmadgb

1 plugin · 5K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
10 days
View full developer profile
Detection Fingerprints

How We Detect GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/geeky-bot/includes/js/geekybot.js/wp-content/plugins/geeky-bot/includes/css/geekybot.css/wp-content/plugins/geeky-bot/includes/css/geekybot_styles.css/wp-content/plugins/geeky-bot/includes/css/geekybot_chat.css
Script Paths
/wp-content/plugins/geeky-bot/includes/js/geekybot.js
Version Parameters
geeky-bot/includes/js/geekybot.js?ver=geeky-bot/includes/css/geekybot.css?ver=geeky-bot/includes/css/geekybot_styles.css?ver=geeky-bot/includes/css/geekybot_chat.css?ver=

HTML / DOM Fingerprints

CSS Classes
geekybot-chat-widget
HTML Comments
<!-- Geeky Bot --><!-- BEGIN GeekyBot Chat Widget -->
Data Attributes
data-geekybot-settings
JS Globals
window.geekybot_ajax_urlwindow.geekybot_settingswindow.geekybot_initial_message
REST Endpoints
/wp-json/geekybot/v1/chat/wp-json/geekybot/v1/search
FAQ

Frequently Asked Questions about GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation