Lucene search
K

4 matches found

Patchstack
Patchstack
added 2026/04/12 11:18 p.m.7 views

WordPress Greenshift plugin <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via disablelazy Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Greenshift versions = 12.8.9...

6.4CVSS5.8AI score0.0042EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/11 1:24 a.m.2 views

CVE-2026-4895 Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute

The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...

6.4CVSS6AI score0.0042EPSS
Exploits0References7
CVE
CVE
added 2026/04/11 1:24 a.m.12 views

CVE-2026-4895

The CVE-2026-4895 entry concerns the GreenShift - Animation and Page Builder Blocks WordPress plugin. A stored XSS exists in versions up to 12.8.9 due to insufficient input sanitization and output escaping in the gspb_greenShift_block_script_assets() function. The code uses str_replace() to inser...

6.4CVSS6AI score0.0042EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/11 1:24 a.m.27 views

CVE-2026-4895 Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute

The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...

6.4CVSS0.0042EPSS
Exploits0References7
Rows per page
Query Builder