PT-2026-25157 · Roxnor · Getgenie – Ai Content Writer With Keyword Research & Seo Tracking Tools
Quốc Huy · Published 2026-03-13 · Updated 2026-03-13
CVE-2026-2257
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GetGenie plugin for WordPress versions through 4.3.2
Description
The GetGenie plugin for WordPress is susceptible to an Insecure Direct Object Reference issue due to missing validation on a user-controlled key within the action function. This allows authenticated attackers with Author-level access or higher to modify post metadata for any post. The lack of input sanitization, combined with this issue, can lead to Stored Cross-Site Scripting when a user with higher privileges, such as an Administrator, views the "Competitor" tab in the GetGenie sidebar of an affected post. The vulnerable parameter is a user-controlled key used in the action function.
Recommendations
Update the GetGenie plugin to a version later than 4.3.2.
Fix
IDOR
Affected Products
Getgenie – Ai Content Writer With Keyword Research & Seo Tracking Tools