VYPR

Getgenie

by WordPress

Source repositories

CVEs (5)

  • CVE-2026-54197MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.

  • CVE-2026-2257MedMar 13, 2026
    risk 0.42cvss 6.4epss 0.00

    The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. This makes it possible for authenticated attackers, with Author-level…

  • CVE-2026-2879MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the `id` parameter in the `create()` method of the `GetGenieChat` REST API endpoint. The method accepts a…

  • CVE-2026-24356MedJan 22, 2026
    risk 0.32cvss 4.9epss 0.00

    Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.

  • CVE-2026-1003MedJan 16, 2026
    risk 0.21cvss 4.3epss 0.00

    The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authenticated attackers, with…