1. Basic information on CVE-2026-1003
Vulnerability information
# GetGenie <= 4.3.0 Unauthorized Post Deletion Vulnerability

## Overview
All versions of the GetGenie WordPress plugin up to and including 4.3.0 contain an authorization bypass vulnerability.

## Affected versions
- GetGenie plugin versions ≤ 4.3.0

## Details
The plugin's post deletion function does not properly verify that the user is authorized to delete the specific post being targeted.

## Impact
An authenticated attacker with Author-level access or higher can delete any post on the WordPress site, including posts created by other users.

Shenlong assessment

Is this a web-class vulnerability: Unknown

Reasoning:

N/A
Vulnerability title
GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion
Source: NVD (US National Vulnerability Database)
Vulnerability description
The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authenticated attackers, with Author-level access and above, to delete any post on the WordPress site, including posts authored by other users.
Source: NVD (US National Vulnerability Database)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (US National Vulnerability Database)
Vulnerability category
Missing Authorization
Source: NVD (US National Vulnerability Database)
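As an added, defender-oriented illustration of the defect class described above (hypothetical code written for this page, not GetGenie's own, whose patched source the page does not show): a WordPress REST delete handler that trusts only a role-level capability, beside one that checks the per-post `delete_post` capability before deleting. The `demo_` function names and the `demo/v1` route are assumptions.

```php
<?php
// Added illustration, not GetGenie's own code: a hypothetical plugin REST route
// that deletes a post. The first handler trusts only a role-level capability
// (the defect class on this page); the second checks the per-post capability.

// Vulnerable pattern: a permission check of current_user_can('edit_posts')
// proves only "at least an Author", so any Author may delete any post id.
function demo_vulnerable_delete( WP_REST_Request $request ) {
    $post_id = absint( $request->get_param( 'post_id' ) );
    $result  = wp_delete_post( $post_id, true );   // no per-post check
    return rest_ensure_response( array( 'deleted' => (bool) $result ) );
}

// Fixed pattern: object-level authorization. WordPress maps the meta
// capability 'delete_post' through map_meta_cap(): for an Author it resolves
// to delete_posts on their own posts and to delete_others_posts (Editor and
// above) on anyone else's, so cross-user deletion is refused.
function demo_user_can_delete_post( int $post_id ): bool {
    $post = get_post( $post_id );
    if ( ! $post ) {
        return false;   // unknown id: deny without revealing whether it exists
    }
    return current_user_can( 'delete_post', $post->ID );
}

function demo_fixed_delete( WP_REST_Request $request ) {
    $post_id = (int) $request->get_param( 'post_id' );
    if ( ! wp_delete_post( $post_id, true ) ) {
        return new WP_Error( 'demo_delete_failed', 'Post could not be deleted.',
            array( 'status' => 500 ) );
    }
    return rest_ensure_response( array( 'deleted' => true ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/delete-post', array(
        'methods'             => 'POST',
        'args'                => array(
            'post_id' => array( 'required' => true, 'type' => 'integer' ),
        ),
        // The fix: authorization is evaluated against the specific post before
        // the callback runs.
        'permission_callback' => function ( WP_REST_Request $request ) {
            return demo_user_can_delete_post( (int) $request->get_param( 'post_id' ) );
        },
        'callback'            => 'demo_fixed_delete',
    ) );
} );
```

When auditing a plugin for this class of bug, look for every `wp_delete_post`, `wp_trash_post` or direct deletion query and confirm that the capability check names the specific post id rather than a bare role capability.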
2. Public PoCs for CVE-2026-1003
PoC table (columns: #, PoC, Description, Source link, Shenlong link): no entries.
3. Intelligence on CVE-2026-1003
  • https://plugins.trac.wordpress.org/browser/getgenie/trunk/app/Api/GetGenieChat.php#L153
  • Title: ERROR: The request could not be satisfied -- 🔗source link

    Tags:

    Shenlong summary: the linked page could not be fetched. CloudFront returned a 403 "The request could not be satisfied" error (request blocked, possibly because of too much traffic or a configuration error), so no content was retrieved from this source.
  • Title: Changeset 3436920 – WordPress Plugin Repository -- 🔗source link

    Tags:

    Shenlong summary:
    **Changeset 3436920**

    - **Timestamp**: 01/11/2026 06:59:16 AM (9 days ago)
    - **Author**: ataurr
    - **Message**: version 4.3.1
    - **Location**: getgenie

    **Files**
    - 4 edited
    - 12 copied
       - tags/4.3.1 (copied from getgenie/trunk)
       - tags/4.3.1/app/Api/GetGenieChat.php (copied from getgenie/trunk/app/api/GetGenieChat.php)
       - tags/4.3.1/assets/dist/admin/js/app-handler.js (copied from getgenie/trunk/assets/dist/admin/js/app-handler.js)
       - tags/4.3.1/assets/dist/admin/js/blog-wizard.js (copied from getgenie/trunk/assets/dist/admin/js/blog-wizard.js)
       - ... more files with similar changes ...

    **Note**:
    - Changeset view not shown, total size 12.4 MB exceeds 4.0 MB.
    - Download options: Unified Diff, Zip Archive.
  • https://nvd.nist.gov/vuln/detail/CVE-2026-1003
4. Comments on CVE-2026-1003

No comments yet.