Genolve – AI image AI video generation <= 5.0.5 - Authenticated (Contributor+) Incorrect Authorization to Privilege Escalation via theopt

2026-07-10 18:57
Kazuma Matsumoto

Strategic Overview

Vulnerability Overview

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation.

Technical Analysis

REMEDIATION: Update to version 5.0.6, or a newer patched version --- IDENTIFIER: CWE-863 (Incorrect Authorization) The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

External References

Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C