anonhaven
Ad

CVE-2026-2593

MEDIUM CVSS 3.1: 6.4 EPSS 0.03%
Updated Mar 05, 2026
Meta
Parameter Value
CVSS 6.4 (MEDIUM)
Type CWE-79 (Cross-Site Scripting (XSS) (Межсайтовый скриптинг))
Vendor Meta
Public PoC No

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_gspb_post_css` post meta value and the `dynamicAttributes` block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
Low
Частичная утечка данных
Integrity
Low
Частичная модификация данных
Availability
None
Нет нарушения работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS) (Межсайтовый скриптинг)

References 4

https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builde…
security@wordfence.com
https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builde…
security@wordfence.com
https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builde…
security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/57b7b171-cd25-4bcd-aa…
security@wordfence.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2893

Meta

6.5

CVE-2026-2356

Meta

5.3

CVE-2026-1779

Meta

8.1

CVE-2026-2498

Meta

4.4

CVE-2026-2301

Meta

4.3