Vulnerability in Genolve WordPress Plugin Allows Privilege Escalation
A vulnerability in the Genolve AI image AI video generation plugin for WordPress, affecting versions up to and including 5.0.5, allows authenticated attackers with Contributor-level access to achieve privilege escalation due to a missing capability check in the `genolve_setOpt()` function, enabling them to modify arbitrary WordPress options such as enabling user registration and setting the default role to administrator.
A critical vulnerability, tracked as CVE-2026-1359, has been identified in the Genolve - AI image AI video generation plugin for WordPress, affecting all versions up to and including 5.0.5. The flaw stems from a missing capability check within the genolve_setOpt() function, which is designed to set various plugin options. This oversight allows authenticated attackers with Contributor-level access or higher to bypass intended security controls and modify arbitrary WordPress options. Specifically, an attacker can leverage this vulnerability to enable user registration and set the default role for new users to 'administrator', directly leading to privilege escalation and potential site compromise. This vulnerability poses a significant risk to WordPress sites utilizing the affected Genolve plugin, as it allows less privileged users to gain full administrative control.
Attack Chain
- An authenticated attacker, possessing Contributor-level privileges or higher, logs into the vulnerable WordPress site.
- The attacker crafts a malicious HTTP POST request targeting the WordPress AJAX endpoint (
/wp-admin/admin-ajax.php). - The request includes parameters to invoke the
genolve_setOptaction. - The attacker manipulates request parameters, specifically
option_nameandoption_value, to enableusers_can_registerand setdefault_roletoadministrator. - Due to the missing capability check in the
genolve_setOpt()function, the plugin processes these changes without proper authorization. - WordPress site options are updated, allowing new users to register with administrator privileges or an existing lower-privileged account to be elevated.
- The attacker can then register a new administrator account, gaining full control over the WordPress site.
Impact
Successful exploitation of CVE-2026-1359 grants authenticated attackers, even those with low-privileged Contributor roles, full administrative control over the affected WordPress site. This leads to complete compromise of the website, including data manipulation, defacement, content injection, and potential for further malicious activities such as malware distribution or phishing. The vulnerability has a CVSS v3.1 base score of 8.8, indicating a high severity risk. Organizations using the Genolve plugin for WordPress should consider all affected installations to be at risk of arbitrary option updates and subsequent privilege escalation if not patched.
Recommendation
- Immediately update the Genolve - AI image AI video generation plugin to a version patched against CVE-2026-1359.
- Deploy the Sigma rules in this brief to your SIEM to detect attempts to exploit CVE-2026-1359 by monitoring webserver logs for suspicious
genolve_setOptcalls. - Monitor WordPress webserver access logs for anomalous requests to
/wp-admin/admin-ajax.phpcontainingaction=genolve_setOptcombined with suspiciousoption_nameandoption_valueparameters. - Regularly review WordPress user accounts and their assigned roles to identify any unauthorized privilege escalations.
Detection coverage 1
Detects CVE-2026-1359 Exploitation - Genolve Plugin Register Admin
highDetects CVE-2026-1359 exploitation attempts where an attacker leverages the Genolve plugin's missing capability check to enable user registration and set the default role to administrator.
Detection queries are available on the platform. Get full rules →