WordPress Greenshift plugin <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via disablelazy Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Greenshift versions = 12.8.9...

CVE-2026-4895

The CVE-2026-4895 entry concerns the GreenShift - Animation and Page Builder Blocks WordPress plugin. A stored XSS exists in versions up to 12.8.9 due to insufficient input sanitization and output escaping in the gspb_greenShift_block_script_assets() function. The code uses str_replace() to inser...