cleantalk
Vulnerabilities and Security Researches

Greenshift – animation and page builder blocks, CVE-2026-1927

CVE, Research URL

CVE-2026-1927

Home page URL

Security reports for Greenshift – animation and page builder blocks

Application

Greenshift – animation and page builder blocks

Published on
Feb 05, 2026
Research Description
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve global plugin settings including stored AI API keys and modify plugin settings, including the injection of arbitrary web scripts via the 'custom_css' value (stored XSS). NOTE: This vulnerability was partially patched in version 12.6.
Affected versions
max 12.6.1.
Status
vulnerable
Previous vulnerability researches
Snow Monkey Forms (CVE-2023-28408) , Jun 07, 2024
Snow Monkey Forms (178f7c4537e05e28f7bac32eb5c8627713aafc4e) , Jun 07, 2024
Snow Monkey Forms (CVE-2023-28413) , Jun 07, 2024
Snow Monkey Forms (CVE-2023-32623) , Jun 07, 2024
Snow Monkey Forms (CVE-2026-1056) , Apr 15, 2026
New vulnerability
Microtango (CVE-2026-1821) , Apr 15, 2026
MailArchiver (CVE-2026-2831) , Apr 15, 2026
BlueSnap Payment Gateway for WooCommerce (CVE-2026-0692) , Apr 15, 2026
Private Comment (CVE-2026-2281) , Apr 15, 2026
JS Archive List Widget (CVE-2026-2020) , Apr 15, 2026