Genolve – AI image AI video generation <= 5.0.5 - Authenticated (Contributor+) Incorrect Authorization to Privilege Escalation via theopt
Strategic Overview
<= 5.0.5CVE-2026-1359Vulnerability Overview
The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation.
Technical Analysis
REMEDIATION: Update to version 5.0.6, or a newer patched version --- IDENTIFIER: CWE-863 (Incorrect Authorization) The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
External References
Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C