Description
Missing Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through <= 12.1.1.
Published: 2025-08-22
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a missing authorization flaw in the Greenshift WordPress plugin, allowing an unauthenticated or low‑privileged user to bypass the intended access controls and gain unauthorized access to features normally restricted by plugin settings. The impact is that an attacker could potentially manipulate or view content, modify settings, or otherwise perform actions that should be limited to privileged users.

Affected Systems

The issue affects the wpsoul Greenshift animation and page builder block plugin for WordPress up to version 12.1.1. Any WordPress site that is running this plugin or an earlier unpatched version is susceptible.

Risk and Exploitability

The CVSS score of 4.3 indicates a low‑to‑moderate severity, and the EPSS score of less than 1% suggests a very low probability of exploitation at the time of analysis. This vulnerability is not listed in the CISA KEV catalog. The likely attack vector is web‑based: the plugin's administrative interface or configuration pages that are accessible without proper role verification, where the authorization check is missing.

Generated by OpenCVE AI on April 30, 2026 at 08:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Greenshift plugin to version 12.1.2 or later, which resolves the authorization issue.
  • Ensure that WordPress user roles and capabilities are correctly configured so that only intended roles can access plugin settings and features.
  • Verify that the plugin’s configuration does not expose restricted options to lower‑privilege users, and monitor the plugin for any new configuration changes that could re‑introduce access control gaps.

Advisories
Source: EUVD
ID: EUVD-2025-28644
Title: Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1.
  Values Added: Missing Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through <= 12.1.1.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Sat, 23 Aug 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared
  • Wordpress
  • Wordpress wordpress
  • Wpsoul
  • Wpsoul greenshift
Vendors & Products
  • Wordpress
  • Wordpress wordpress
  • Wpsoul
  • Wpsoul greenshift

Fri, 22 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 Aug 2025 12:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1.
Title WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:37.419Z

Reserved: 2025-08-22T11:35:36.400Z

Link: CVE-2025-57884

Vulnrichment

Updated: 2025-08-22T13:27:45.444Z

NVD

Status: Deferred

Published: 2025-08-22T12:15:31.053

Modified: 2026-04-23T15:32:57.100

Link: CVE-2025-57884

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T08:15:32Z

Weaknesses