{"vulnerability": "CVE-2026-5294", "sightings": [{"uuid": "af4181a2-ce64-4f81-add2-3350fca2afa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5294", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116520086781199288", "content": "\ud83d\udea8 CRITICAL: CVE-2026-5294 in Geeky Bot WP plugin (\u22641.2.2) allows unauthenticated RCE by installing arbitrary plugins via an exposed AJAX endpoint. Disable or remove plugin & monitor for patches. https://radar.offseq.com/threat/cve-2026-5294-cwe-862-missing-authorization-in-ahm-a69c64e2 #OffSeq #WordPress #Vuln #InfoSec", "creation_timestamp": "2026-05-05T04:30:26.688484Z"}, {"uuid": "d4e809ea-3a5f-4dac-a168-53c7e4625eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5294", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3ml3e2ul6oy2l", "content": "Geeky Bot WP plugin (\u22641.2.2) has a CRITICAL flaw: unauth attackers can install plugins & run code. Disable or remove plugin ASAP and watch for patches. https://radar.offseq.com/threat/cve-2026-5294-cwe-862-missing-authorization-in-ahm-a69c64e2 #OffSeq #WordPress #Security", "creation_timestamp": "2026-05-05T04:30:28.329608Z"}, {"uuid": "24d9869c-0c43-42d1-9795-251b6afa5b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5294", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4vqdvtin2q", "content": "\ud83d\udd34 CVE-2026-5294 - Critical (9.8)\n\nThe Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-5294/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-05T19:19:22.357081Z"}, {"uuid": "9a3a2636-2df0-461c-9de8-e2d52d00d0f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5294", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml3kh5qhtd2e", "content": "CVE-2026-5294 - GeekyBot\nCVE ID : CVE-2026-5294\n \n Published : May 5, 2026, 4:16 a.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route...", "creation_timestamp": "2026-05-05T06:24:42.574733Z"}]}