CVE-2026-1927: CWE-862 Missing Authorization in wpsoul Greenshift – animation and page builder blocks
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve global plugin settings including stored AI API keys and modify plugin settings, including the injection of arbitrary web scripts via the 'custom_css' value (stored XSS). NOTE: This vulnerability was partially patched in version 12.6.
AI Analysis
Technical Summary
CVE-2026-1927 describes a missing authorization (CWE-862) vulnerability in the Greenshift – animation and page builder blocks WordPress plugin. The issue arises from the lack of a capability check in the greenshift_app_pass_validation() function, allowing authenticated users with low privileges (Subscriber and above) to retrieve and modify sensitive plugin settings. This includes exposure of stored AI API keys and the ability to inject arbitrary web scripts through the 'custom_css' parameter, resulting in stored cross-site scripting (XSS). The vulnerability affects all versions up to and including 12.6, with a partial patch applied in version 12.6. No full patch or official fix link is provided.
Potential Impact
An attacker with Subscriber-level access can access sensitive plugin configuration data, including AI API keys, and modify plugin settings. This can lead to stored XSS attacks via the 'custom_css' field, potentially compromising site integrity and user security. The vulnerability does not allow privilege escalation or denial of service but exposes confidential data and enables script injection. The partial patch in version 12.6 may reduce but not fully eliminate the risk.
Mitigation Recommendations
Patch status is not yet confirmed as fully fixed since only a partial patch was applied in version 12.6 and no official fix advisory or patch link is provided. Users should verify with the plugin vendor for updates beyond version 12.6. Until a full fix is confirmed, restrict Subscriber-level access where possible and monitor for suspicious activity related to plugin settings. Avoid using versions up to 12.6 in sensitive environments.
CVE-2026-1927: CWE-862 Missing Authorization in wpsoul Greenshift – animation and page builder blocks
Description
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve global plugin settings including stored AI API keys and modify plugin settings, including the injection of arbitrary web scripts via the 'custom_css' value (stored XSS). NOTE: This vulnerability was partially patched in version 12.6.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-1927 describes a missing authorization (CWE-862) vulnerability in the Greenshift – animation and page builder blocks WordPress plugin. The issue arises from the lack of a capability check in the greenshift_app_pass_validation() function, allowing authenticated users with low privileges (Subscriber and above) to retrieve and modify sensitive plugin settings. This includes exposure of stored AI API keys and the ability to inject arbitrary web scripts through the 'custom_css' parameter, resulting in stored cross-site scripting (XSS). The vulnerability affects all versions up to and including 12.6, with a partial patch applied in version 12.6. No full patch or official fix link is provided.
Potential Impact
An attacker with Subscriber-level access can access sensitive plugin configuration data, including AI API keys, and modify plugin settings. This can lead to stored XSS attacks via the 'custom_css' field, potentially compromising site integrity and user security. The vulnerability does not allow privilege escalation or denial of service but exposes confidential data and enables script injection. The partial patch in version 12.6 may reduce but not fully eliminate the risk.
Mitigation Recommendations
Patch status is not yet confirmed as fully fixed since only a partial patch was applied in version 12.6 and no official fix advisory or patch link is provided. Users should verify with the plugin vendor for updates beyond version 12.6. Until a full fix is confirmed, restrict Subscriber-level access where possible and monitor for suspicious activity related to plugin settings. Avoid using versions up to 12.6 in sensitive environments.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-02-04T19:48:41.429Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69849ef7f9fa50a62f23a797
Added to database: 2/5/2026, 1:45:27 PM
Last enriched: 4/9/2026, 6:36:14 PM
Last updated: 5/6/2026, 11:29:07 AM
Views: 181
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.