Ghostwire

CVE-2026-1359: The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due...

HIGH CVSS 8.8 Exploit Available

Published: July 11, 2026 | Last Modified: July 11, 2026

Description

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (5 articles)

References