CVE-2026-54197
Deferred Deferred - Pending Action

Unauthenticated Sensitive Data Exposure in GetGenie

Vulnerability report for CVE-2026-54197, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Patchstack

Description

Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
getgenie getgenie to 4.4.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress GetGenie Plugin, versions 4.4.1 and below, contains a vulnerability classified as Sensitive Data Exposure. This flaw allows unauthenticated attackers to access sensitive information that should not be visible to regular users.

Because the attackers do not need to be authenticated, they can exploit this vulnerability remotely without any credentials.

Compliance Impact

The vulnerability allows unauthenticated attackers to access sensitive information that should not be visible to regular users. Such unauthorized exposure of sensitive data can lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to the exposure of sensitive data, potentially leading to legal and financial consequences for affected organizations.

Detection Guidance

The vulnerability in GetGenie versions 4.4.1 and below allows unauthenticated access to sensitive data. Detection typically involves monitoring for unauthorized access attempts to sensitive endpoints or unusual data exposure patterns.

Since the vulnerability is related to unauthenticated sensitive data exposure, one approach is to check for HTTP requests targeting the GetGenie plugin endpoints that should require authentication but do not.

  • Use network monitoring tools like Wireshark or tcpdump to capture HTTP traffic and filter for requests to GetGenie plugin URLs.
  • Run a command such as: curl -I http://yourwordpresssite.com/wp-content/plugins/getgenie/ to check for publicly accessible sensitive endpoints.
  • Check web server logs for repeated or unusual GET requests to GetGenie plugin paths without authentication.

Patchstack provides a mitigation rule to block attacks until the plugin is updated, which can also be used to detect exploitation attempts.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive data, which may result in further exploitation of the system.

The CVSS score of 6.5 indicates a moderate level of danger, and the vulnerability is likely to be targeted in mass-exploit campaigns.

If exploited, it could compromise the integrity and availability of the affected system.

Mitigation Strategies

Users of the WordPress GetGenie Plugin versions 4.4.1 and below should immediately update to version 4.4.2, which contains the patch for this vulnerability.

Until the update can be applied, it is advised to implement the mitigation rule provided by Patchstack to block attacks exploiting this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54197. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart