Insecure Direct Object Reference in GetGenie Plugin for WordPress
CVE-2026-2879
5.4 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 13 March 2026
What is CVE-2026-2879?
The GetGenie plugin for WordPress is susceptible to an Insecure Direct Object Reference vulnerability due to inadequate validation of the id parameter in its REST API endpoint. This flaw allows authenticated attackers with Author-level access or greater to modify arbitrary posts simply by providing a valid post ID, including the ID of a post that belongs to another user. As a result, attackers can alter the content of posts, including those owned by Administrators, by changing their post_type to getgenie_chat and reassigning the post_author. This manipulation risks compromising the integrity of content across multiple user accounts.
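The missing control described above is a per-object authorization check on the id parameter. The following is an added example, not GetGenie's code or its patch: the namespace, route and function names are hypothetical, and it assumes the getgenie_chat post type is registered with WordPress's default post capabilities.

```php
<?php
// Added illustration: hypothetical namespace, route and function names.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/chat/(?P<id>\d+)', array(
        'methods'             => 'POST',
        'callback'            => 'example_save_chat',
        'permission_callback' => 'example_can_save_chat',
        'args'                => array(
            'id' => array( 'sanitize_callback' => 'absint' ),
        ),
    ) );
} );

// Authorize against the specific object, not only the caller's role.
function example_can_save_chat( WP_REST_Request $request ) {
    $post = get_post( (int) $request['id'] );
    if ( ! $post ) {
        return new WP_Error( 'not_found', 'Unknown post ID.', array( 'status' => 404 ) );
    }
    // Only the plugin's own post type may be written through this route, so
    // an ordinary post or page can never be converted into a chat record.
    if ( 'getgenie_chat' !== $post->post_type ) {
        return new WP_Error( 'forbidden', 'Not a chat record.', array( 'status' => 403 ) );
    }
    // edit_post is a meta capability: WordPress maps it to ownership and
    // role, so an Author passes for their own records and fails for others'.
    return current_user_can( 'edit_post', $post->ID );
}

function example_save_chat( WP_REST_Request $request ) {
    // Update only the field this route owns. post_type and post_author are
    // never taken from the request and never rewritten here.
    $content = wp_kses_post( (string) $request['content'] );
    $result  = wp_update_post( array(
        'ID'           => (int) $request['id'],
        'post_content' => wp_slash( $content ), // wp_update_post expects slashed data
    ), true );

    return is_wp_error( $result )
        ? $result
        : rest_ensure_response( array( 'id' => $result ) );
}
```

With both checks in the permission callback, a request that names another user's post ID is rejected before the handler runs, and a post of any other type cannot be overwritten through the route.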
Affected Version(s)
GetGenie - AI Content Writer with Keyword Research & SEO Tracking Tools 0 <= 4.3.2