PatchSiren cyber security CVE debrief
CVE-2026-54197 Wpmet CVE debrief
CVE-2026-54197 is a MEDIUM severity vulnerability (CVSS score: 6.5) affecting GetGenie plugin versions <= 4.4.1. This vulnerability allows unauthenticated sensitive data exposure. The CVE was published and modified on 2026-06-16T10:16:28.607Z. The vendor and product information is currently unknown, but evidence suggests a connection to Patchstack. A mitigation or vendor reference is available [ref-4].
- Vendor
- Wpmet
- Product
- GetGenie
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of GetGenie plugin versions <= 4.4.1 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
CVE-2026-54197 is classified as an Unauthenticated Sensitive Data Exposure vulnerability in GetGenie plugin versions <= 4.4.1. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L and is associated with CWE-201.
Defensive priority
MEDIUM
Recommended defensive actions
- Update GetGenie plugin to a version greater than 4.4.1.
- Refer to [ref-4] for mitigation or vendor guidance.
Evidence notes
Evidence suggests a connection to Patchstack [cve-org], [ref-4].
Official resources
-
CVE-2026-54197 CVE record
CVE.org
-
CVE-2026-54197 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-54197 was published and modified on 2026-06-16T10:16:28.607Z.