CVE-2026-54197 MEDIUM

CVE-2026-54197: WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability

Vendor Wpmet
Product GetGenie
Weakness CWE-201
Published June 16, 2026
Last update June 16, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.

Explanation of Vulnerability in Simple Terms

02Summary

GetGenie versions up to 4.4.1 contain a vulnerability that allows an attacker to modify data or disrupt service availability without authentication. The vulnerability stems from insufficient input validation. Site administrators should update to version 4.4.3 or later to remediate the issue.

What an attacker can do

03Attacker Capabilities

Modify site data or cause temporary service disruption without needing to log in.

Potential impact on your site

04Site Impact

Attackers can alter content or cause downtime on your site without credentials.

Conditions required to exploit

05Prerequisites

Network access to the site; no authentication or user interaction required.

Key dates

06Disclosure timeline

June 16, 2026 CVE published
June 16, 2026 Record updated

Related vulnerabilities

08Related CVE