GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools < 4.3.1 – Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion | CVE 2026-1003 | Plugin Vulnerabilities

Description

The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authenticated attackers, with Author-level access and above, to delete any post on the WordPress site, including posts authored by other users.

Affects Plugins

Fixed in 4.3.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/38ec647a-3c0c-4d3c-ba34-64c17803867b

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

theviper17y

Verified

No

WPVDB ID

583b1dee-14d4-4b03-aafb-1c4c473f421c

Timeline

Publicly Published

2026-01-15 (about 3 months ago)

Added

2026-01-15 (about 3 months ago)

Last Updated

2026-01-16 (about 3 months ago)

Other

Published

Title

Published

2026-02-25

Title

WeDesignTech Ultimate Booking Addon < 1.0.4 - Missing Authorization

Published

2025-12-11

Title

Laser <= 1.1.1 - Missing Authorization

Published

2025-10-14

Title

Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion

Published

2024-03-29

Title

Spiffy Calendar < 4.9.11 - Missing Authorization

Published

2026-02-23

Title

Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.13 - Missing Authorization