Getgenie
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-54197 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. | ||
| CVE-2026-2257 | Med | 0.42 | 6.4 | 0.00 | Mar 13, 2026 | The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. This makes it possible for authenticated attackers, with Author-level… | ||
| CVE-2026-2879 | Med | 0.35 | 5.4 | 0.00 | Mar 13, 2026 | The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the `id` parameter in the `create()` method of the `GetGenieChat` REST API endpoint. The method accepts a… | ||
| CVE-2026-24356 | Med | 0.32 | 4.9 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0. | ||
| CVE-2026-1003 | Med | 0.21 | 4.3 | 0.00 | Jan 16, 2026 | The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authenticated attackers, with… |
- risk 0.42cvss 6.5epss 0.00
Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
- risk 0.42cvss 6.4epss 0.00
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. This makes it possible for authenticated attackers, with Author-level…
- risk 0.35cvss 5.4epss 0.00
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the `id` parameter in the `create()` method of the `GetGenieChat` REST API endpoint. The method accepts a…
- risk 0.32cvss 4.9epss 0.00
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.
- risk 0.21cvss 4.3epss 0.00
The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authenticated attackers, with…