Description
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys.
Published: 2026-03-05
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Patch
AI Analysis

Impact

The Greenshift – animation and page builder blocks plugin for WordPress holds a vulnerability that allows any unauthenticated user to read a publicly accessible settings backup file. This file contains full copies of all configuration settings, including API keys for OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile. An attacker who can download this file can therefore steal valuable credentials and potentially compromise user accounts or services that rely on these APIs.

Affected Systems

WordPress sites using the Greenshift plugin prior to or including version 12.8.3 are affected. The issue is specific to this plugin and does not extend to other WordPress components or external applications.

Risk and Exploitability

The vulnerability has a CVSS score of 5.3, indicating a moderate impact. The EPSS score is less than 1 %, suggesting a low likelihood of exploitation at present, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers can exploit the flaw by simply accessing the backup file over the network; authentication is not required.

Generated by OpenCVE AI on April 15, 2026 at 22:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Greenshift – animation and page builder blocks to version 12.8.4 or later
  • Delete any existing publicly accessible backup files from the server to remove exposed API keys
  • Configure file permissions or move the backup file outside the web root so that unauthenticated users cannot access it

Generated by OpenCVE AI on April 15, 2026 at 22:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wpsoul
Wpsoul greenshift – Animation And Page Builder Blocks
Vendors & Products Wordpress
Wordpress wordpress
Wpsoul
Wpsoul greenshift – Animation And Page Builder Blocks

Thu, 05 Mar 2026 23:45:00 +0000

Type Values Removed Values Added
Description The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys.
Title Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Wordpress Wordpress
Wpsoul Greenshift – Animation And Page Builder Blocks
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:43:45.465Z

Reserved: 2026-02-16T14:58:55.002Z

Link: CVE-2026-2589

cve-icon Vulnrichment

Updated: 2026-03-09T20:25:46.446Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-06T00:16:14.070

Modified: 2026-03-09T13:36:08.413

Link: CVE-2026-2589

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T22:45:16Z

Weaknesses