cleantalk
Vulnerabilities and Security Researches

GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis, CVE-2026-2257

CVE, Research URL

CVE-2026-2257

Home page URL

Security reports for GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis

Application

GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis

Published on
Mar 14, 2026
Research Description
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. This makes it possible for authenticated attackers, with Author-level access and above, to update post metadata for arbitrary posts. Combined with a lack of input sanitization, this leads to Stored Cross-Site Scripting when a higher-privileged user (such as an Administrator) views the affected post's "Competitor" tab in the GetGenie sidebar.
Affected versions
max 4.3.3.
Status
vulnerable
Previous vulnerability researches
GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis (CVE-2026-2879) , Apr 13, 2026
GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis (CVE-2026-2257) , Apr 13, 2026
GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis (CVE-2026-24356) , Feb 27, 2026
GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis (CVE-2026-1003) , Apr 16, 2026
New vulnerability
AMP Enhancer – Compatibility Layer for Official AMP Plugin (CVE-2026-2027) , Apr 16, 2026
WaveSurfer-WP (CVE-2026-1909) , Apr 16, 2026
xmlrpc attacks blocker (CVE-2026-2502) , Apr 16, 2026
Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud! (CVE-2026-0831) , Apr 16, 2026
iRobots.txt SEO (CVE-2025-68840) , Apr 16, 2026