Insecure Direct Object Reference in GetGenie Plugin for WordPress
CVE-2026-2879

5.4 MEDIUM

What is CVE-2026-2879?

The GetGenie plugin for WordPress is susceptible to an Insecure Direct Object Reference vulnerability due to inadequate validation of the id parameter in its REST API endpoint. This flaw allows authenticated attackers with Author-level access or greater to modify arbitrary posts simply by providing a valid post ID, including the ID of a post that belongs to another user. As a result, attackers can alter posts, including those owned by Administrators, by changing their post_type to getgenie_chat and reassigning the post_author. This manipulation risks compromising the integrity of content across multiple user accounts.
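A per-object authorization check for this kind of endpoint, as an added example that is not GetGenie's code or its patch: the route `example/v1/chat/<id>`, the `content` parameter and the `example_*` function names are hypothetical, and it assumes `getgenie_chat` is a registered post type so that WordPress can map the `edit_post` meta capability.

```php
<?php
// Added illustration; hypothetical route and handler names, not the plugin's code.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/chat/(?P<id>\d+)', array(
        'methods'             => 'POST',
        'callback'            => 'example_save_chat',
        'permission_callback' => 'example_can_save_chat',
    ) );
} );

// A role-wide check such as current_user_can( 'publish_posts' ) passes for
// every Author no matter which id is sent. The check must name the object.
function example_can_save_chat( WP_REST_Request $request ) {
    $post = get_post( (int) $request['id'] );
    if ( ! $post ) {
        return new WP_Error( 'example_not_found', 'Post not found.', array( 'status' => 404 ) );
    }
    // Only touch the endpoint's own post type, so an ordinary post or page
    // can never be converted into a chat record.
    if ( 'getgenie_chat' !== $post->post_type ) {
        return new WP_Error( 'example_wrong_type', 'Not a chat record.', array( 'status' => 400 ) );
    }
    // Meta capability: resolved against this post's author and status, so an
    // Author is refused for posts owned by other users.
    if ( ! current_user_can( 'edit_post', $post->ID ) ) {
        return new WP_Error( 'example_forbidden', 'You cannot edit this item.', array( 'status' => 403 ) );
    }
    return true;
}

function example_save_chat( WP_REST_Request $request ) {
    // post_type and post_author are deliberately left out of the update,
    // so the request cannot change ownership or type.
    $result = wp_update_post( array(
        'ID'           => (int) $request['id'],
        'post_content' => wp_kses_post( (string) $request->get_param( 'content' ) ),
    ), true );

    return is_wp_error( $result ) ? $result : rest_ensure_response( array( 'id' => $result ) );
}
```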

Affected Version(s)

GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools * <= 4.3.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kazuma Matsumoto