CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authenticated attackers, with Author-level access and above, to delete any post on the WordPress site, including posts authored by other users.
Explanation of Vulnerability in Simple Terms
GetGenie versions up to 4.3.0 lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can change data belonging to other users or the site without elevated permissions. The vulnerability requires an existing user account but no additional user interaction.
What an attacker can do
Modify or change content and data belonging to other users or the site.
Potential impact on your site
Any registered user can alter content, settings, or data they should not be able to access.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities
