Skip to main content

Getgenie

1 CVEs product

Monthly

CVE-2026-54197 MEDIUM This Month

Unauthenticated sensitive data exposure in the GetGenie WordPress plugin (versions <= 4.4.1) allows any remote, unauthenticated attacker to retrieve sensitive information via a network request to an unprotected endpoint. Reported by Patchstack and rooted in CWE-201 (Insertion of Sensitive Information Into Sent Data), the plugin inadvertently includes sensitive data - potentially AI service API keys or configuration values - in HTTP responses that require no authentication. No public exploit code and no active exploitation have been identified at time of analysis.

Information Disclosure Getgenie
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated sensitive data exposure in the GetGenie WordPress plugin (versions <= 4.4.1) allows any remote, unauthenticated attacker to retrieve sensitive information via a network request to an unprotected endpoint. Reported by Patchstack and rooted in CWE-201 (Insertion of Sensitive Information Into Sent Data), the plugin inadvertently includes sensitive data - potentially AI service API keys or configuration values - in HTTP responses that require no authentication. No public exploit code and no active exploitation have been identified at time of analysis.

Information Disclosure Getgenie
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy