4 matches found
WordPress Greenshift plugin <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via disablelazy Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Greenshift versions = 12.8.9...
CVE-2026-4895 Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...
CVE-2026-4895
The CVE-2026-4895 entry concerns the GreenShift - Animation and Page Builder Blocks WordPress plugin. A stored XSS exists in versions up to 12.8.9 due to insufficient input sanitization and output escaping in the gspb_greenShift_block_script_assets() function. The code uses str_replace() to inser...
CVE-2026-4895 Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...