Back to Dashboard

CVE-2026-1359

Published: July 11, 2026Last Modified: July 11, 2026
CVSS SCORE
8.8
HIGH

Vulnerability Description

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation.

Affected Products & Versions

No configurations parsed from local entry.

Mitigation & Remediation

Update the affected packages to a secure version. Refer to vendor security advisories.

Share Advisory

Copy the standardized markdown formatted vulnerability report to post in Slack, Teams, email, or ticketing systems.

# HIGH - CVE-2026-1359 ## EFFECT The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation. ## AFFECTED Unknown products ## LINKS - [plugins.trac.wordpress.org](https://plugins.trac.wordpress.org/changeset?reponame=&new=3460465%40genolve-toolkit&old=3432371%40genolve-toolkit) - [www.wordfence.com](https://www.wordfence.com/threat-intel/vulnerabilities/id/8f64361a-e5b5-4481-b25c-bdffeb80c198?source=cve) ## SOLUTION - Update the affected packages to a secure version. Refer to vendor security advisories.