CVE-2026-2879

{"id": "CVE-2026-2879", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2026-03-13T19:54:34.500", "references": [{"url": "https://plugins.trac.wordpress.org/browser/getgenie/tags/4.3.2/app/Api/GetGenieChat.php#L60", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/getgenie/tags/4.3.2/app/Api/GetGenieChat.php#L91", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3479838%40getgenie%2Ftrunk&old=3446466%40getgenie%2Ftrunk&sfp_email=&sfph_mail=", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8030c334-458a-4d21-9a64-3f5df715ba97?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the `id` parameter in the `create()` method of the `GetGenieChat` REST API endpoint. The method accepts a user-controlled post ID and, when a post with that ID exists, calls `wp_update_post()` without verifying that the current user owns the post or that the post is of the expected `getgenie_chat` type. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite arbitrary posts owned by any user \u2014 including Administrators \u2014 effectively destroying the original content by changing its `post_type` to `getgenie_chat` and reassigning `post_author` to the attacker."}, {"lang": "es", "value": "El plugin GetGenie para WordPress es vulnerable a Referencia Directa Insegura a Objeto en todas las versiones hasta la 4.3.2, inclusive. Esto se debe a la falta de validaci\u00f3n en el par\u00e1metro 'id' en el m\u00e9todo 'create()' del endpoint de la API REST 'GetGenieChat'. El m\u00e9todo acepta un ID de publicaci\u00f3n controlado por el usuario y, cuando existe una publicaci\u00f3n con ese ID, llama a 'wp_update_post()' sin verificar que el usuario actual sea el propietario de la publicaci\u00f3n o que la publicaci\u00f3n sea del tipo 'getgenie_chat' esperado. Esto hace posible que atacantes autenticados, con acceso de nivel de Autor y superior, sobrescriban publicaciones arbitrarias propiedad de cualquier usuario \u2014 incluyendo Administradores \u2014 destruyendo efectivamente el contenido original al cambiar su 'post_type' a 'getgenie_chat' y reasignar 'post_author' al atacante."}], "lastModified": "2026-04-22T21:30:26.497", "sourceIdentifier": "security@wordfence.com"}