Vulnerabilites related to greenshiftwp - greenshift_-_animation_and_page_builder_blocks
CVE-2024-50419 (GCVE-0-2024-50419)
Vulnerability from cvelistv5
Published
2024-10-30 15:01
Modified
2024-10-30 15:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wpsoul | Greenshift – animation and page builder blocks |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T15:07:31.859010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:07:59.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "greenshift-animation-and-page-builder-blocks",
"product": "Greenshift \u2013 animation and page builder blocks",
"vendor": "Wpsoul",
"versions": [
{
"changes": [
{
"at": "9.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "9.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac / truonghuuphuc (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in Wpsoul Greenshift \u2013 animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Greenshift \u2013 animation and page builder blocks: from n/a through 9.7.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in Wpsoul Greenshift \u2013 animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift \u2013 animation and page builder blocks: from n/a through 9.7."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:01:55.909Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/greenshift-animation-and-page-builder-blocks/wordpress-greenshift-animation-and-page-builder-blocks-plugin-9-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 9.8 or a higher version."
}
],
"value": "Update to 9.8 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Greenshift plugin \u003c= 9.7 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-50419",
"datePublished": "2024-10-30T15:01:55.909Z",
"dateReserved": "2024-10-24T07:25:42.461Z",
"dateUpdated": "2024-10-30T15:07:59.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11181 (GCVE-0-2024-11181)
Vulnerability from cvelistv5
Published
2024-12-12 06:46
Modified
2024-12-12 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpsoul | Greenshift – animation and page builder blocks |
Version: * ≤ 9.9.9.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:40:35.271134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:40:45.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Greenshift \u2013 animation and page builder blocks",
"vendor": "wpsoul",
"versions": [
{
"lessThanOrEqual": "9.9.9.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the \u0027wp_reusable_render\u0027 shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T06:46:32.559Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06047667-2a24-4e1c-9389-11daceff4d23?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L43"
},
{
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L1236"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3203829/greenshift-animation-and-page-builder-blocks/trunk/settings.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Greenshift \u2013 animation and page builder blocks \u003c= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11181",
"datePublished": "2024-12-12T06:46:32.559Z",
"dateReserved": "2024-11-13T15:16:43.061Z",
"dateUpdated": "2024-12-12T14:40:45.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3616 (GCVE-0-2025-3616)
Vulnerability from cvelistv5
Published
2025-04-22 04:21
Modified
2025-04-22 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpsoul | Greenshift – animation and page builder blocks |
Version: 11.4 ≤ 11.4.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T13:14:20.365069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T13:17:08.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Greenshift \u2013 animation and page builder blocks",
"vendor": "wpsoul",
"versions": [
{
"lessThanOrEqual": "11.4.5",
"status": "affected",
"version": "11.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T04:21:32.528Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0db4671e-1989-44a4-babe-ed699c7f3a52?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/init.php#L3340"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3270279/greenshift-animation-and-page-builder-blocks/trunk/init.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3276168/greenshift-animation-and-page-builder-blocks/trunk/init.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3273212/greenshift-animation-and-page-builder-blocks/trunk/init.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-21T15:48:15.000+00:00",
"value": "Disclosed"
}
],
"title": "Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3616",
"datePublished": "2025-04-22T04:21:32.528Z",
"dateReserved": "2025-04-14T21:53:28.375Z",
"dateUpdated": "2025-04-22T13:17:08.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26884 (GCVE-0-2025-26884)
Vulnerability from cvelistv5
Published
2025-02-25 14:17
Modified
2025-02-25 19:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpsoul | Greenshift |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T19:03:37.792361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:07:26.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "greenshift-animation-and-page-builder-blocks",
"product": "Greenshift",
"vendor": "wpsoul",
"versions": [
{
"changes": [
{
"at": "10.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "10.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Peter Thaleikis (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpsoul Greenshift allows Stored XSS.\u003c/p\u003e\u003cp\u003eThis issue affects Greenshift: from n/a through 10.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:17:52.084Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/greenshift-animation-and-page-builder-blocks/vulnerability/wordpress-greenshift-plugin-10-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Greenshift wordpress plugin to the latest available version (at least 10.9)."
}
],
"value": "Update the WordPress Greenshift wordpress plugin to the latest available version (at least 10.9)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Greenshift plugin \u003c= 10.8 - Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-26884",
"datePublished": "2025-02-25T14:17:52.084Z",
"dateReserved": "2025-02-17T11:50:22.450Z",
"dateUpdated": "2025-02-25T19:07:26.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6155 (GCVE-0-2024-6155)
Vulnerability from cvelistv5
Published
2025-01-09 11:11
Modified
2025-01-09 14:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpsoul | Greenshift – animation and page builder blocks |
Version: * ≤ 9.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T14:25:34.814128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T14:25:44.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Greenshift \u2013 animation and page builder blocks",
"vendor": "wpsoul",
"versions": [
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arkadiusz Hydzik"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T11:11:05.245Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe3cfaf4-67c8-47af-bd58-e8ad27a03fae?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/8.9.8/settings.php#L1385"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-02T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-01-08T22:19:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Greenshift \u2013 animation and page builder blocks \u003c= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6155",
"datePublished": "2025-01-09T11:11:05.245Z",
"dateReserved": "2024-06-18T21:57:36.542Z",
"dateUpdated": "2025-01-09T14:25:44.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-12-12 07:15
Modified
2025-06-05 15:59
Severity ?
Summary
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@wordfence.com | https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L1236 | Product | |
| security@wordfence.com | https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L43 | Product | |
| security@wordfence.com | https://plugins.trac.wordpress.org/changeset/3203829/greenshift-animation-and-page-builder-blocks/trunk/settings.php | Patch | |
| security@wordfence.com | https://www.wordfence.com/threat-intel/vulnerabilities/id/06047667-2a24-4e1c-9389-11daceff4d23?source=cve | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| greenshiftwp | greenshift_-_animation_and_page_builder_blocks | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B8200D97-F10E-458D-8564-3B613BBDF647",
"versionEndExcluding": "9.9.9.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the \u0027wp_reusable_render\u0027 shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to."
},
{
"lang": "es",
"value": " El complemento Greenshift \u2013 animation and page builder blocks para WordPress es vulnerable a Information Exposure en todas las versiones hasta la 9.9.9.3 incluida a trav\u00e9s del shortcode \u0027wp_reusable_render\u0027 debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones protegidas con contrase\u00f1a, privadas o borradores a los que no deber\u00edan tener acceso."
}
],
"id": "CVE-2024-11181",
"lastModified": "2025-06-05T15:59:04.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T07:15:08.057",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L1236"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php#L43"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3203829/greenshift-animation-and-page-builder-blocks/trunk/settings.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06047667-2a24-4e1c-9389-11daceff4d23?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-30 15:15
Modified
2025-05-28 21:07
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| greenshiftwp | greenshift_-_animation_and_page_builder_blocks | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "61252A31-10FB-4EEE-9ACD-C0C2A609E7E5",
"versionEndExcluding": "9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Wpsoul Greenshift \u2013 animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift \u2013 animation and page builder blocks: from n/a through 9.7."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n incorrecta en Wpsoul Greenshift \u2013 animation and page builder blocks permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los bloques de animaci\u00f3n y creaci\u00f3n de p\u00e1ginas Greenshift: desde n/a hasta 9.7."
}
],
"id": "CVE-2024-50419",
"lastModified": "2025-05-28T21:07:38.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-30T15:15:19.360",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/greenshift-animation-and-page-builder-blocks/wordpress-greenshift-animation-and-page-builder-blocks-plugin-9-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-09 11:15
Modified
2025-06-05 14:43
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@wordfence.com | https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/8.9.8/settings.php#L1385 | Product | |
| security@wordfence.com | https://www.wordfence.com/threat-intel/vulnerabilities/id/fe3cfaf4-67c8-47af-bd58-e8ad27a03fae?source=cve | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| greenshiftwp | greenshift_-_animation_and_page_builder_blocks | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B8C3214B-BC14-42EB-B748-10BFF3A13E0B",
"versionEndExcluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1."
},
{
"lang": "es",
"value": "El complemento Greenshift \u2013 animation y page builder blocks para WordPress es vulnerable a Server-Side Request Forgery (SSRF) autenticada (Subscriber+) y a Cross Site Scripting almacenado en todas las versiones hasta la 9.0.0 incluida debido a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n greenshift_download_file_localy, junto con la falta de protecci\u00f3n SSRF y desinfecci\u00f3n de los archivos SVG cargados. Esto permite que los atacantes autenticados, con acceso de nivel de suscriptor y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y que tambi\u00e9n se pueden aprovechar para descargar archivos SVG maliciosos que contienen payloads de Cross Site Scripting al servidor. En servidores basados en la nube, los atacantes podr\u00edan recuperar los metadatos de la instancia. El problema se solucion\u00f3 parcialmente en la versi\u00f3n 8.9.9 y por completo en la versi\u00f3n 9.0.1."
}
],
"id": "CVE-2024-6155",
"lastModified": "2025-06-05T14:43:06.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-09T11:15:16.330",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/8.9.8/settings.php#L1385"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe3cfaf4-67c8-47af-bd58-e8ad27a03fae?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@wordfence.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 15:15
Modified
2025-05-21 17:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| greenshiftwp | greenshift_-_animation_and_page_builder_blocks | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "93217A20-6FB9-4C92-B6EF-42F028521124",
"versionEndExcluding": "10.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u0027Cross-site Scripting\u0027) en wpsoul Greenshift permite XSS almacenado. Este problema afecta a Greenshift: desde n/a hasta 10.8."
}
],
"id": "CVE-2025-26884",
"lastModified": "2025-05-21T17:21:54.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T15:15:24.977",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/wordpress/plugin/greenshift-animation-and-page-builder-blocks/vulnerability/wordpress-greenshift-plugin-10-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-22 05:15
Modified
2025-05-28 17:38
Severity ?
Summary
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@wordfence.com | https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/init.php#L3340 | Product | |
| security@wordfence.com | https://plugins.trac.wordpress.org/changeset/3270279/greenshift-animation-and-page-builder-blocks/trunk/init.php | Patch | |
| security@wordfence.com | https://plugins.trac.wordpress.org/changeset/3273212/greenshift-animation-and-page-builder-blocks/trunk/init.php | Patch | |
| security@wordfence.com | https://plugins.trac.wordpress.org/changeset/3276168/greenshift-animation-and-page-builder-blocks/trunk/init.php | Patch | |
| security@wordfence.com | https://www.wordfence.com/threat-intel/vulnerabilities/id/0db4671e-1989-44a4-babe-ed699c7f3a52?source=cve | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| greenshiftwp | greenshift_-_animation_and_page_builder_blocks | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F3857B42-606A-4E2E-BC6A-BE290F64B400",
"versionEndExcluding": "11.4.6",
"versionStartIncluding": "11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads."
},
{
"lang": "es",
"value": "El complemento Greenshift \u2013 animation and page builder blocks para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n gspb_make_proxy_api_request() en las versiones 11.4 a 11.4.5. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo. La carga de archivos arbitrarios se corrigi\u00f3 adecuadamente en la versi\u00f3n 11.4.5, pero se a\u00f1adi\u00f3 una comprobaci\u00f3n de capacidad en la versi\u00f3n 11.4.6 para evitar la carga no autorizada de archivos limitados."
}
],
"id": "CVE-2025-3616",
"lastModified": "2025-05-28T17:38:29.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2025-04-22T05:15:30.780",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/init.php#L3340"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3270279/greenshift-animation-and-page-builder-blocks/trunk/init.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3273212/greenshift-animation-and-page-builder-blocks/trunk/init.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3276168/greenshift-animation-and-page-builder-blocks/trunk/init.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0db4671e-1989-44a4-babe-ed699c7f3a52?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}