Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.4
Greenshift Plugin Allows Attackers to Inject Malicious Code into WordPress Pages
CVE-2026-2593
Summary
The Greenshift plugin for WordPress contains a security flaw that lets attackers with some access levels inject malicious code into pages, which can harm visitors. This is a serious issue because it can be used to steal sensitive information or take control of user sessions. To protect your site, update the plugin to the latest version or remove it if it's not essential.
Original title
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_gspb_post_css` post meta value and the `dynamicAttributes` block attri...
Original description
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_gspb_post_css` post meta value and the `dynamicAttributes` block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
nvd CVSS3.1
6.4
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder...
- https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder...
- https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/57b7b171-cd25-4bcd-aa7...
Published: 5 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026