98 matches found
WordPress plugin Greenshift 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
EUVD-2024-33999
Malicious code in bioql PyPI...
EUVD-2023-12439
Malicious code in bioql PyPI...
EUVD-2023-58859
Malicious code in bioql PyPI...
EUVD-2024-48001
Malicious code in bioql PyPI...
EUVD-2022-51977
Malicious code in bioql PyPI...
EUVD-2025-12330
Malicious code in bioql PyPI...
WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Greenshift versions = 12.1.1...
CVE-2025-57884 WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1...
CVE-2025-57884 WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift: from n/a through = 12.1.1...
WordPress plugin Greenshift 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-11181
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wpreusablerender' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticate...
CVE-2024-6155
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshiftdownloadfilelocaly function...
CVE-2023-0378
The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-6636
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspbsavefiles' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level...
CVE-2022-4653
The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
Greenshift Plugin for WordPress < 11.4.5 Arbitrary File Upload
The WordPress Greenshift Plugin installed on the remote host is affected by an Arbitrary File Upload. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2025-3616
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspbmakeproxyapirequest function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-3616
The Greenshift – animation and page builder blocks WordPress plugin (versions 11.4–11.4.5) is vulnerable to an authenticated arbitrary file upload due to missing file type validation in gspb_make_proxy_api_request(), allowing Subscriber+ users to upload files on the server and potentially achieve...
CVE-2025-3616 Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspbmakeproxyapirequest function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access...