PT-2026-57423 · WordPress · Genolve

Kazuma Matsumoto

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-1359

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Genolve – AI image AI video generation plugin for WordPress versions prior to 5.0.6
Description Authenticated attackers with Contributor-level access and above can perform unauthorized modification of data. This is caused by a missing capability check in the genolve setOpt() function, allowing the update of arbitrary WordPress options. This can lead to privilege escalation by enabling user registration and setting the default role to administrator.
Recommendations Update the plugin to version 5.0.6 or later. As a temporary mitigation, restrict access to the genolve setOpt() function for users with Contributor-level permissions.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-1359

Affected Products

Genolve