CVE-2026-1359
Published: July 11, 2026•Last Modified: July 11, 2026
CVSS SCORE
8.8
HIGH
Vulnerability Description
The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation.
Affected Products & Versions
No configurations parsed from local entry.
Security Advisories & References
Mitigation & Remediation
Update the affected packages to a secure version. Refer to vendor security advisories.
Share Advisory
Copy the standardized markdown formatted vulnerability report to post in Slack, Teams, email, or ticketing systems.
# HIGH - CVE-2026-1359
## EFFECT
The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation.
## AFFECTED
Unknown products
## LINKS
- [plugins.trac.wordpress.org](https://plugins.trac.wordpress.org/changeset?reponame=&new=3460465%40genolve-toolkit&old=3432371%40genolve-toolkit)
- [www.wordfence.com](https://www.wordfence.com/threat-intel/vulnerabilities/id/8f64361a-e5b5-4481-b25c-bdffeb80c198?source=cve)
## SOLUTION
- Update the affected packages to a secure version. Refer to vendor security advisories.