Impact
The vulnerability enables authenticated WordPress users with Contributor permissions or higher to persist malicious JavaScript in the _gspb_post_css post meta field or the dynamicAttributes block attribute. Because the plugin never sanitizes this input and never escapes it when rendering, the script is stored and later executed in browsers that view the affected page, creating a stored cross‑site scripting flaw. The description does not mention any additional consequences beyond executing arbitrary scripts for page visitors.
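An added audit sketch, not part of the advisory or the plugin's code: it scans exported wp_postmeta and wp_posts rows for markup stored in _gspb_post_css or in any block's dynamicAttributes. The regex heuristics, the sample rows, the example/block name and the name/value shape shown for dynamicAttributes are assumptions constructed for illustration.

```python
import json
import re

# Heuristic (assumption, tune per site): tags, script URIs, inline handlers.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)
# Serialized block delimiter: <!-- wp:name {json} --> or the self-closing form.
BLOCK = re.compile(r"<!--\s+wp:([a-z0-9/-]+)\s+(\{.*?\})\s+/?-->", re.S)

def strings_in(value):
    """Yield every string (keys included) nested in a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        yield from strings_in(list(value.items()))
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from strings_in(v)

def audit_meta(rows):
    """rows: (post_id, meta_key, meta_value) tuples exported from wp_postmeta."""
    return [(pid, key) for pid, key, val in rows
            if key == "_gspb_post_css" and SUSPICIOUS.search(val or "")]

def audit_content(posts):
    """posts: (post_id, post_content) tuples exported from wp_posts."""
    hits = []
    for pid, content in posts:
        for name, raw in BLOCK.findall(content):
            try:
                attrs = json.loads(raw)
            except ValueError:
                continue  # not valid JSON attributes, nothing to inspect
            dyn = attrs.get("dynamicAttributes")
            if dyn is not None and any(SUSPICIOUS.search(s) for s in strings_in(dyn)):
                hits.append((pid, name))
    return hits

# Constructed sample rows, not taken from a real site.
META = [
    (101, "_gspb_post_css", ".gspb_a > .b{color:#333;margin:0 auto}"),
    (102, "_gspb_post_css", ".x{color:red}<script>/* constructed */</script>"),
    (103, "_edit_lock", "1700000000:1"),
]
POSTS = [
    (201, '<!-- wp:example/block {"dynamicAttributes":[{"name":"data-id","value":"7"}]} /-->'),
    (202, '<!-- wp:example/block {"dynamicAttributes":[{"name":"x","value":"\\u003cscript\\u003e/* constructed */\\u003c/script\\u003e"}]} /-->'),
]
if __name__ == "__main__":
    print(audit_meta(META), audit_content(POSTS))
```

Flagged post IDs are candidates for manual review; a clean result does not prove the stored values are safe.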
Affected Systems
WordPress sites that have the Greenshift – animation and page builder blocks plugin at version 12.8.5 or earlier are vulnerable. Any such site that grants Contributor‑level access to users is exposed to this weakness.
Risk and Exploitability
The CVSS score of 6.4 indicates a moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation. The flaw is not listed in the CISA KEV catalog. Exploitation requires an authenticated account with Contributor or higher permissions; an attacker must therefore compromise legitimate credentials or otherwise obtain sufficient access. When such access is achieved, the attacker can inject malicious scripts that will run for any visitor to the modified page. The description does not explicitly describe further impacts such as credential theft or defacement, so those conclusions are not inferred.