{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/genolve---ai-image-ai-video-generation-plugin-for-wordpress--5.0.5/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-1359"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Genolve - AI image AI video generation plugin for WordPress (\u003c= 5.0.5)"],"_cs_severities":["high"],"_cs_tags":["wordpress","plugin","privilege-escalation","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Genolve","WordPress"],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-1359, has been identified in the Genolve - AI image AI video generation plugin for WordPress, affecting all versions up to and including 5.0.5. The flaw stems from a missing capability check within the \u003ccode\u003egenolve_setOpt()\u003c/code\u003e function, which is designed to set various plugin options. This oversight allows authenticated attackers with Contributor-level access or higher to bypass intended security controls and modify arbitrary WordPress options. Specifically, an attacker can leverage this vulnerability to enable user registration and set the default role for new users to 'administrator', directly leading to privilege escalation and potential site compromise. This vulnerability poses a significant risk to WordPress sites utilizing the affected Genolve plugin, as it allows less privileged users to gain full administrative control.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker, possessing Contributor-level privileges or higher, logs into the vulnerable WordPress site.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the WordPress AJAX endpoint (\u003ccode\u003e/wp-admin/admin-ajax.php\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe request includes parameters to invoke the \u003ccode\u003egenolve_setOpt\u003c/code\u003e action.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates request parameters, specifically \u003ccode\u003eoption_name\u003c/code\u003e and \u003ccode\u003eoption_value\u003c/code\u003e, to enable \u003ccode\u003eusers_can_register\u003c/code\u003e and set \u003ccode\u003edefault_role\u003c/code\u003e to \u003ccode\u003eadministrator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the missing capability check in the \u003ccode\u003egenolve_setOpt()\u003c/code\u003e function, the plugin processes these changes without proper authorization.\u003c/li\u003e\n\u003cli\u003eWordPress site options are updated, allowing new users to register with administrator privileges or an existing lower-privileged account to be elevated.\u003c/li\u003e\n\u003cli\u003eThe attacker can then register a new administrator account, gaining full control over the WordPress site.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-1359 grants authenticated attackers, even those with low-privileged Contributor roles, full administrative control over the affected WordPress site. This leads to complete compromise of the website, including data manipulation, defacement, content injection, and potential for further malicious activities such as malware distribution or phishing. The vulnerability has a CVSS v3.1 base score of 8.8, indicating a high severity risk. Organizations using the Genolve plugin for WordPress should consider all affected installations to be at risk of arbitrary option updates and subsequent privilege escalation if not patched.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update the Genolve - AI image AI video generation plugin to a version patched against CVE-2026-1359.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM to detect attempts to exploit CVE-2026-1359 by monitoring webserver logs for suspicious \u003ccode\u003egenolve_setOpt\u003c/code\u003e calls.\u003c/li\u003e\n\u003cli\u003eMonitor WordPress webserver access logs for anomalous requests to \u003ccode\u003e/wp-admin/admin-ajax.php\u003c/code\u003e containing \u003ccode\u003eaction=genolve_setOpt\u003c/code\u003e combined with suspicious \u003ccode\u003eoption_name\u003c/code\u003e and \u003ccode\u003eoption_value\u003c/code\u003e parameters.\u003c/li\u003e\n\u003cli\u003eRegularly review WordPress user accounts and their assigned roles to identify any unauthorized privilege escalations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-11T09:17:47Z","date_published":"2026-07-11T09:17:47Z","id":"https://feed.craftedsignal.io/briefs/2026-07-genolve-wordpress-privesc/","summary":"A vulnerability in the Genolve AI image AI video generation plugin for WordPress, affecting versions up to and including 5.0.5, allows authenticated attackers with Contributor-level access to achieve privilege escalation due to a missing capability check in the `genolve_setOpt()` function, enabling them to modify arbitrary WordPress options such as enabling user registration and setting the default role to administrator.","title":"Vulnerability in Genolve WordPress Plugin Allows Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-07-genolve-wordpress-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed - Genolve - AI Image AI Video Generation Plugin for WordPress (\u003c= 5.0.5)","version":"https://jsonfeed.org/version/1.1"}