Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Greenshift Plugin Exposes Sensitive API Keys in Backup Files
CVE-2026-2589
Summary
The Greenshift plugin for WordPress stores sensitive information, like API keys, in a publicly accessible file. This means unauthorized users can access these keys, potentially allowing them to use them for malicious activities. Update the plugin to the latest version to address this issue.
Original title
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backu...
Original description
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys.
nvd CVSS3.1
5.3
Vulnerability type
CWE-200
Information Exposure
Published: 6 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026