PT-2026-25157 · Roxnor · Getgenie – Ai Content Writer With Keyword Research & Seo Tracking Tools
Quốc Huy · Published 2026-03-13 · Updated 2026-03-13
CVE-2026-2257
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GetGenie plugin for WordPress versions through 4.3.2
Description
The GetGenie plugin for WordPress is susceptible to an Insecure Direct Object Reference issue due to missing validation on a user-controlled key within the action function. This allows authenticated attackers with Author-level access or higher to modify post metadata for any post. The lack of input sanitization, combined with this issue, can lead to Stored Cross-Site Scripting when a user with higher privileges, such as an Administrator, views the "Competitor" tab in the GetGenie sidebar of an affected post. The vulnerable parameter is a user-controlled key used in the action function.
Recommendations
Update the GetGenie plugin to a version later than 4.3.2.
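For site owners auditing similar handlers in their own plugins, the sketch below shows the three controls the description reports as missing: an object-level capability check on the referenced post, an allowlist for the metadata key, and sanitization on write with escaping on output. It is an added example, not GetGenie's code. It assumes a WordPress AJAX handler in which the user-controlled key is a post ID, and the action name, nonce action, parameter names and meta key are all hypothetical.

```php
<?php
// Added illustration, not GetGenie's code. Runs inside WordPress (plugin file).
// Action name, nonce action, POST parameter names and meta key are hypothetical.

const EXAMPLE_ALLOWED_META_KEYS = array( 'example_competitor_data' );

add_action( 'wp_ajax_example_save_post_meta', 'example_save_post_meta' );

function example_save_post_meta() {
    // 1. CSRF protection: the request must carry a valid nonce.
    check_ajax_referer( 'example_save_post_meta', 'nonce' );

    // 2. Normalise the client-supplied object reference and confirm it exists.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown post.' ), 404 );
    }

    // 3. Object-level authorization: being logged in as an Author is not enough.
    //    The 'edit_post' meta capability is evaluated against this specific post,
    //    so an Author passes only for posts they are allowed to edit.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 4. Never let the client choose an arbitrary meta key.
    $meta_key = isset( $_POST['meta_key'] ) ? sanitize_key( wp_unslash( $_POST['meta_key'] ) ) : '';
    if ( ! in_array( $meta_key, EXAMPLE_ALLOWED_META_KEYS, true ) ) {
        wp_send_json_error( array( 'message' => 'Meta key not allowed.' ), 400 );
    }

    // 5. Sanitize on write: strip tags and control characters from the value.
    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';

    update_post_meta( $post_id, $meta_key, $value );
    wp_send_json_success();
}

// 6. Escape on output as well, so values stored before the fix cannot execute
//    as script when a higher-privileged user opens the view that renders them.
function example_render_competitor_value( $post_id ) {
    $value = get_post_meta( $post_id, 'example_competitor_data', true );
    echo '<span class="example-competitor">' . esc_html( $value ) . '</span>';
}
```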
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Getgenie – Ai Content Writer With Keyword Research & Seo Tracking Tools