CVE-2026-24356 MEDIUM

CVE-2026-24356: WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability

Vendor: Roxnor
Product: GetGenie
Weakness: CWE-862 · Missing authorization
Published: January 22, 2026
Last update: April 28, 2026

CVSS base score

4.9/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetGenie: from n/a through <= 4.3.0.

Explanation of Vulnerability in Simple Terms

02 Summary

GetGenie versions up to 4.3.0 lack proper authorization checks, allowing high-privilege users to trigger a denial-of-service condition. An attacker with administrative or equivalent access can make the site unresponsive or unavailable. Update to version 4.4.3 or later to resolve this issue.

What an attacker can do

03 Attacker Capabilities

Make the site unavailable or unresponsive by triggering a denial-of-service condition.

Potential impact on your site

04 Site Impact

A malicious admin or compromised high-privilege account can render your site unavailable without leaving obvious traces.

Conditions required to exploit

05 Prerequisites

Attacker must have high-level privileges (admin or equivalent role) on the site.

Key dates

06 Disclosure timeline

January 22, 2026: CVE published
April 28, 2026: Record updated