VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 20 known issues Latest disclosed Apr 10, 2026

Greenshift – animation and page builder blocks Vulnerabilities

Review known vulnerability records for the WordPress plugin Greenshift – animation and page builder blocks (`greenshift-animation-and-page-builder-blocks`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-4895, CVE-2026-2371 and CVE-2026-2589, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
20
High or Critical
2
Patch Coverage
100%
Last Updated
Apr 10, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Greenshift – animation and page builder blocks so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
20 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 2 high severity findings.
Recent CVEs
CVE-2026-4895, CVE-2026-2371 and CVE-2026-2589
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Greenshift – animation and page builder blocks

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-4895
Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute

The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspb_greenShift_block_script_assets() function....

Published
Apr 10, 2026
Patched Release
12.9.0
Affected Versions
Versions up to 12.8.9
Next Step
Update to 12.9.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-2371
Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the `gspb_el_reusable_load()` AJAX handler. T...

Published
Mar 06, 2026
Patched Release
12.8.4
Affected Versions
Versions up to 12.8.3
Next Step
Update to 12.8.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-2589
Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated...

Published
Mar 05, 2026
Patched Release
12.8.4
Affected Versions
Versions up to 12.8.3
Next Step
Update to 12.8.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-2593
Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_gspb_post_css` post meta value and the `dynamicAttributes` block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitiz...

Published
Mar 05, 2026
Patched Release
12.8.6
Affected Versions
Versions up to 12.8.5
Next Step
Update to 12.8.6 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-1927
GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.6. This makes it possible for authentic...

Published
Feb 05, 2026
Patched Release
12.6.1
Affected Versions
Versions up to 12.6
Next Step
Update to 12.6.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-11841
Greenshift – animation and page builder blocks <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to insufficient input sanitization and output escaping. This makes it possible for a...

Published
Nov 03, 2025
Patched Release
12.2.8
Affected Versions
Versions up to 12.2.7
Next Step
Update to 12.2.8 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-57884
Greenshift <= 12.1.1 - Missing Authorization

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 12.1.1. This makes it possible for authenticated attackers, with Contributor-level ac...

Published
Aug 22, 2025
Patched Release
12.1.2
Affected Versions
Versions up to 12.1.1
Next Step
Update to 12.1.2 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-49301
Greenshift <= 11.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Greenshift plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 11.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to in...

Published
Jun 05, 2025
Patched Release
11.5.7
Affected Versions
Versions up to 11.5.5
Next Step
Update to 11.5.7 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-3616
Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with S...

Published
Apr 21, 2025
Patched Release
11.4.6
Affected Versions
11.4 through 11.4.5
Next Step
Update to 11.4.6 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-30873
Greenshift <= 11.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Greenshift plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 11.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to in...

Published
Mar 27, 2025
Patched Release
11.1
Affected Versions
Versions up to 11.0.2
Next Step
Update to 11.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-26884
Greenshift <= 10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Greenshift plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

Published
Feb 22, 2025
Patched Release
10.9
Affected Versions
Versions up to 10.8
Next Step
Update to 10.9 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6155
Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_downloa...

Published
Jan 08, 2025
Patched Release
9.0.1
Affected Versions
Versions up to 9.0.0
Next Step
Update to 9.0.1 or newer if supported.
Open Full Report Open CVE Reference