Missing Authorization in Roxnor GetGenie Affects Access Control Mechanisms
CVE-2026-24356

4.9MEDIUM

Key Information:

Vendor

WordPress
Status
Getgenie
Vendor
CVE Published:
22 January 2026

What is CVE-2026-24356?

Roxnor's GetGenie plugin has a vulnerability that allows attackers to exploit improperly configured access controls, potentially permitting unauthorized access to sensitive functions or data. This affects versions of GetGenie up to 4.3.0, putting users at risk if they have not applied necessary security measures.

Affected Version(s)

GetGenie 0 <= 4.3.0

References

https://patchstack.com/database/Wordpress/Plugin/getgenie...
vdb-entry

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
.