cbcvebase.

Greenshiftwp Greenshift Animation And Page Builder Blocks vulnerabilities

5 known vulnerabilities affecting greenshiftwp/greenshift_animation_and_page_builder_blocks.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-3616P2HIGHCVSS 8.8≥ 11.4, < 11.4.62025-04-22
CVE-2025-3616 [HIGH] CWE-434 CVE-2025-3616: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary f The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected
nvd
CVE-2024-50419P3CRITICALCVSS 9.8fixed in 9.82024-10-30
CVE-2024-50419 [CRITICAL] CWE-863 CVE-2024-50419: Incorrect Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blo Incorrect Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift: from n/a through <= 9.7.
nvd
CVE-2024-6155P4MEDIUMCVSS 5.4fixed in 9.0.12025-01-09
CVE-2024-6155 [MEDIUM] CWE-862 CVE-2024-6155: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticat The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on
nvd
CVE-2025-26884P4MEDIUMCVSS 5.4fixed in 10.92025-02-25
CVE-2025-26884 [MEDIUM] CWE-79 CVE-2025-26884: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS.This issue affects Greenshift: from n/a through <= 10.8.
nvd
CVE-2024-11181P4MEDIUMCVSS 4.3fixed in 9.9.9.42024-12-12
CVE-2024-11181 [MEDIUM] CWE-639 CVE-2024-11181: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above
nvd
Greenshiftwp Greenshift Animation And Page Builder Blocks vulnerabilities | cvebase