CVE-2026-5294

Geeky Bot · Geeky Bot Plugin for WordPress

The Geeky Bot plugin for WordPress contains a missing authorization vulnerability that allows unauthenticated attackers to achieve remote code execution via arbitrary plugin installation.

Executive summary

A critical missing authorization flaw in the Geeky Bot WordPress plugin enables unauthenticated attackers to execute arbitrary code by installing malicious plugins.

Vulnerability

The plugin exposes a nopriv AJAX route (a wp_ajax_nopriv_ hook, which WordPress serves to visitors who are not logged in) that lacks sufficient authorization checks. This allows an unauthenticated attacker to interact with a plugin installer helper, enabling the upload and extraction of malicious ZIP files into the site's plugin directory, where any PHP they contain is executed by the web server.
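As an added illustration of the vulnerability class described above (this is not Geeky Bot's own code), the snippet below shows the weak handler pattern beside a hardened form; the action name example_install_plugin, the nonce field name and the helper example_installer_helper() are hypothetical placeholders.

```php
<?php
// Illustrative pattern only, not the plugin's code. The action name, the
// 'nonce' field and example_installer_helper() are hypothetical placeholders.

// WEAK: the nopriv hook makes the handler reachable without logging in, and the
// handler passes the upload straight to the installer with no capability or
// nonce check. This is the shape of flaw the advisory describes.
add_action( 'wp_ajax_nopriv_example_install_plugin', 'example_install_plugin_weak' );
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin_weak' );
function example_install_plugin_weak() {
    example_installer_helper( $_FILES['plugin_zip'] ); // no authorization at all
}

// HARDENED: no nopriv hook is registered, so anonymous requests never reach the
// handler, and the handler itself still verifies the nonce and the capability
// before touching the installer (defense in depth, in case a hook is added later).
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin_hardened' );
function example_install_plugin_hardened() {
    // Rejects forged or cross-site requests; terminates with HTTP 403 on failure.
    // The admin page must emit the token with wp_create_nonce( 'example_install_plugin' ).
    check_ajax_referer( 'example_install_plugin', 'nonce' );

    // Only roles holding install_plugins (administrators by default) may proceed.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    if ( empty( $_FILES['plugin_zip'] ) ) {
        wp_send_json_error( array( 'message' => 'no plugin archive supplied' ), 400 );
    }

    // The hypothetical helper is expected to return true or a WP_Error.
    $result = example_installer_helper( $_FILES['plugin_zip'] );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }
    wp_send_json_success();
}
```

Removing the wp_ajax_nopriv_ registration is the decisive fix; the nonce and capability checks are what make the remaining authenticated route safe against lower-privileged users and cross-site requests.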

Business impact

This vulnerability permits full system compromise, as an attacker can gain remote code execution (RCE) on the underlying web server. Given the CVSS score of 9.8, the impact includes total loss of site control, data theft, and the potential for the server to be used in further malicious activities.

Remediation

Immediate Action: Deactivate and remove the Geeky Bot plugin immediately if a patched version is not available or if the plugin is not mission-critical.

Proactive Monitoring: Monitor the wp-content/plugins/ directory for unauthorized file additions and audit server logs for suspicious AJAX requests.

Compensating Controls: Utilize a Web Application Firewall (WAF) to block requests to the vulnerable AJAX endpoints associated with the plugin.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Due to the critical nature of unauthenticated remote code execution, organizations must treat this vulnerability with the highest level of urgency. If the plugin is required, ensure it is updated to a patched version immediately; otherwise, removal is the safest course of action.