PT-2026-57423 · WordPress · Genolve
Kazuma Matsumoto
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-1359
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Genolve – AI image AI video generation plugin for WordPress versions prior to 5.0.6
Description
Authenticated attackers with Contributor-level access and above can perform unauthorized modification of data. This is caused by a missing capability check in the
genolve setOpt() function, allowing the update of arbitrary WordPress options. This can lead to privilege escalation by enabling user registration and setting the default role to administrator.Recommendations
Update the plugin to version 5.0.6 or later.
As a temporary mitigation, restrict access to the
genolve setOpt() function for users with Contributor-level permissions.Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Genolve