Primary

Context

Greenshift Animation and Page Builder Blocks WordPress Plugin Missing Capability Check Vulnerability

Vulnerability

Patched

A vulnerability exists in the Greenshift animation and page builder blocks plugin for WordPress, in all versions through 12.5.7. The issue arises from a missing capability check in the greenshift_app_pass_validation() function, allowing authenticated attackers with Subscriber-level access and above to access global plugin settings, including sensitive AI API keys.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive plugin settings and AI API keys.

Remediation

Users are advised to update the Greenshift animation and page builder blocks plugin to version 12.6 or a newer patched version.

Added: Feb 5, 2026, 2:18 PM

Updated: Feb 5, 2026, 3:29 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.1

remediation

7.7

relevance

2.7

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.1

remediation

7.7

relevance

2.7

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Greenshift Animation and Page Builder Blocks WordPress Plugin Missing Capability Check Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Greenshift

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating