Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Greenshift

Source -

CNA

CNA CVEs -

6

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2025-57884
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.67%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:59
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1.

Action-Not Available
Vendor-wpsoul
Product-Greenshift
CWE ID-CWE-862
Missing Authorization
CVE-2025-49301
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.12%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Greenshift <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows DOM-Based XSS. This issue affects Greenshift: from n/a through 11.5.5.

Action-Not Available
Vendor-wpsoul
Product-Greenshift
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30873
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG-0.03%
Published-27 Mar, 2025 | 10:55
Updated-09 Jun, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Greenshift plugin <= 11.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 11.0.2.

Action-Not Available
Vendor-wpsoulwpsoul
Product-greenshiftGreenshift
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26884
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.97%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-21 May, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Greenshift plugin <= 10.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8.

Action-Not Available
Vendor-greenshiftwpwpsoul
Product-greenshift_-_animation_and_page_builder_blocksGreenshift
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0378
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 35.30%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 08:50
Updated-10 Jun, 2025 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Greenshift < 5.0 - Contributor+ Stored XSS

The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Action-Not Available
Vendor-wpsoulUnknown
Product-greenshiftGreenshift
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4653
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.54%
||
7 Day CHG~0.00%
Published-16 Jan, 2023 | 15:37
Updated-10 Jun, 2025 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Action-Not Available
Vendor-wpsoulUnknown
Product-greenshiftGreenshift
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')