PatchSiren cyber security CVE debrief
CVE-2026-1359 genolve CVE debrief
The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This vulnerability allows authenticated attackers with Contributor-level access and above to update arbitrary WordPress options, potentially leading to privilege escalation. The vulnerability has a high CVSS score of 8.8 and is classified as HIGH severity. The CVE record was published on 2026-07-11T09:16:16.020Z and has not been modified since then.
- Vendor
- genolve
- Product
- Genolve – Genolve AI Business Graphics, AI Images
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-11
- Original CVE updated
- 2026-07-11
- Advisory published
- 2026-07-11
- Advisory updated
- 2026-07-11
Who should care
Authenticated attackers with Contributor-level access and above may be able to exploit this vulnerability to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation. Operators of WordPress deployments using the Genolve – AI image AI video generation plugin should review and apply the necessary updates or mitigations to prevent exploitation.
Technical summary
The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation. The vulnerability has a high CVSS score of 8.8 and is classified as HIGH severity.
Defensive priority
High
Recommended defensive actions
- Verify and restrict access to the genolve_setOpt() function
- Limit Contributor-level access and above to only necessary users
- Monitor for suspicious updates to WordPress options
- Implement additional security measures to prevent privilege escalation
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-11T09:16:16.020Z and has not been modified since then. The NVD entry is currently Received. There is limited evidence available to confirm affected scope and severity. Defenders should verify the official CVE record and NVD entry for the most up-to-date information. The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-11T09:16:16.020Z and has not been modified since then.