How severe is CVE-2026-3456?

High severity. CVSS v3 base score is 7.5 out of 10.

SQL Injection in Ahmadgb Geekybot — Ai Copilot, Chatbot, Woocommerce Lead Gen & Zero-prompt Content

CVE-2026-3456

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the…

Vulnerability class: SQL Injection

EPSS: 0.001 (24.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Ahmadgb Geekybot — Ai Copilot, Chatbot, Woocommerce Lead Gen & Zero-prompt Content — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

Frequently asked questions

What is CVE-2026-3456?: CVE-2026-3456 is a high-severity vulnerability in Ahmadgb Geekybot — Ai Copilot, Chatbot, Woocommerce Lead Gen & Zero-prompt Content, classified under SQL Injection. CVSS score: 7.5/10. Published 2026-05-05.
How severe is CVE-2026-3456?: High severity. CVSS v3 base score is 7.5 out of 10.