Vulnerabilities and security researches forgreenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
Direction: descendingNov 11, 2025
Greenshift – animation and page builder blocks # CVE-2025-11841
- CVE, Research URL
- Date
- Nov 04, 2025
- Research Description
- The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 12.2.8.
- Status
-
vulnerable
Aug 24, 2025
Greenshift – animation and page builder blocks # CVE-2025-57884
- CVE, Research URL
- Date
- Aug 22, 2025
- Research Description
- Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1.
- Affected versions
-
max 12.1.2.
- Status
-
vulnerable
May 07, 2025
Greenshift – animation and page builder blocks # CVE-2022-4974
- CVE, Research URL
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 1.1.6.
- Status
-
vulnerable
Apr 29, 2025
Greenshift – animation and page builder blocks # CVE-2025-3616
- CVE, Research URL
- Date
- Apr 22, 2025
- Research Description
- The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads.
- Affected versions
-
max 11.4.6.
- Status
-
vulnerable
Apr 03, 2025
Greenshift – animation and page builder blocks # CVE-2025-30873
- CVE, Research URL
- Date
- Mar 27, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 11.0.2.
- Affected versions
-
max 11.1.
- Status
-
vulnerable
Feb 27, 2025
Greenshift – animation and page builder blocks # CVE-2025-26884
- CVE, Research URL
- Date
- Feb 25, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8.
- Affected versions
-
max 10.9.
- Status
-
vulnerable
Jan 10, 2025
Greenshift – animation and page builder blocks # CVE-2024-6155
- CVE, Research URL
- Date
- Jan 09, 2025
- Research Description
- The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1.
- Affected versions
-
max 9.0.1.
- Status
-
vulnerable
Dec 12, 2024
Greenshift – animation and page builder blocks # CVE-2024-11181
- CVE, Research URL
- Date
- Dec 12, 2024
- Research Description
- The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
- Affected versions
-
max 9.9.9.4.
- Status
-
vulnerable
Oct 28, 2024
Greenshift – animation and page builder blocks # CVE-2024-50419
- CVE, Research URL
- Date
- Oct 30, 2024
- Research Description
- Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7.
- Affected versions
-
max 9.8.
- Status
-
vulnerable
Sep 19, 2024
Greenshift – animation and page builder blocks # CVE-2024-44005
- CVE, Research URL
- Date
- Sep 18, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.3.7.
- Affected versions
-
max 9.4.
- Status
-
vulnerable
Jun 21, 2024
Greenshift – animation and page builder blocks # CVE-2024-35765
- CVE, Research URL
- Date
- Jun 19, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through 8.8.9.1.
- Affected versions
-
max 8.9.4.
- Status
-
vulnerable
Jun 07, 2024
Greenshift – animation and page builder blocks # cb5648db5073ddd604f4a58da2a251643969c91b
- CVE, Research URL
- Date
- Feb 28, 2022
- Research Description
- Greenshift – animation and page builder blocks [greenshift-animation-and-page-builder-blocks] < 1.1.6 WordPress Greenshift – animation and page builder blocks plugin < 1.1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Greenshift – animation and page builder blocks plugin (versions < 1.1.4).
- Affected versions
-
max 1.1.6.
- Status
-
vulnerable
Greenshift – animation and page builder blocks # CVE-2023-6636
- CVE, Research URL
- Date
- Jan 11, 2024
- Research Description
- The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Affected versions
-
max 7.6.3.
- Status
-
vulnerable
Greenshift – animation and page builder blocks # CVE-2022-4653
- CVE, Research URL
- Date
- Jan 16, 2023
- Research Description
- The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
- Affected versions
-
max 4.8.9.
- Status
-
vulnerable
Greenshift – animation and page builder blocks # CVE-2023-22707
- CVE, Research URL
- Date
- Mar 27, 2023
- Research Description
- Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Greenshift – animation and page builder blocks plugin <= 4.9.9 versions.
- Affected versions
-
max 5.0.
- Status
-
vulnerable
Greenshift – animation and page builder blocks # CVE-2023-0378
- CVE, Research URL
- Date
- Feb 21, 2023
- Research Description
- The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
- Affected versions
-
max 4.8.1.
- Status
-
vulnerable