CVE-2026-2589

Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup

Description

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys.

INFO

Published Date :

2026-03-05T23:21:30.668Z

Last Modified :

2026-03-05T23:21:30.668Z

Source :

Wordfence

AFFECTED PRODUCTS

The following products are affected by CVE-2026-2589 vulnerability.

Vendors	Products
Wordpress	Wordpress
Wpsoul	Greenshift – Animation And Page Builder Blocks

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2589.

URL	Resource
https://plugins.trac.wordpress.org/changeset/3465111/
https://www.wordfence.com/threat-intel/vulnerabilities/id/2be2e028-81b8-4fd9-8197-eccf391fee65?source=cve

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact