CVE-2026-4895: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpsoul Greenshift – animation and page builder blocks
CVE-2026-4895 is a stored cross-site scripting (XSS) vulnerability in the GreenShift - Animation and Page Builder Blocks WordPress plugin up to version 12. 8. 9. The issue arises from improper input sanitization and output escaping in the function gspb_greenShift_block_script_assets(), which uses str_replace() unsafely on HTML strings. Authenticated users with contributor-level access or higher can exploit this to inject malicious scripts that execute when other users view the affected pages. The vulnerability has a CVSS score of 6. 4 (medium severity). No official patch or remediation guidance is currently available from the vendor, and no known exploits are reported in the wild.
AI Analysis
Technical Summary
The GreenShift WordPress plugin contains a stored XSS vulnerability due to unsafe string replacement in the gspb_greenShift_block_script_assets() function. This function attempts to insert 'fetchpriority="high"' before 'src=' attributes in HTML but does so by applying str_replace() on the entire HTML string without proper parsing. This allows attackers with contributor-level privileges to inject crafted attribute values containing 'src=' substrings, breaking out of attribute contexts and enabling injection of malicious JavaScript event handlers. The vulnerability affects all versions up to and including 12.8.9. No vendor patch or official remediation has been published as of the data provided.
Potential Impact
An attacker with contributor-level access or higher can inject arbitrary JavaScript into pages generated by the plugin, leading to stored cross-site scripting. This can result in script execution in the context of users viewing the compromised pages, potentially enabling session hijacking, defacement, or other client-side attacks. The vulnerability does not affect availability and requires authenticated access, but it impacts confidentiality and integrity of user sessions and data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict contributor-level access to trusted users only and consider disabling or removing the affected plugin if possible. Monitor vendor channels for updates and apply patches promptly once available.
CVE-2026-4895: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpsoul Greenshift – animation and page builder blocks
Description
CVE-2026-4895 is a stored cross-site scripting (XSS) vulnerability in the GreenShift - Animation and Page Builder Blocks WordPress plugin up to version 12. 8. 9. The issue arises from improper input sanitization and output escaping in the function gspb_greenShift_block_script_assets(), which uses str_replace() unsafely on HTML strings. Authenticated users with contributor-level access or higher can exploit this to inject malicious scripts that execute when other users view the affected pages. The vulnerability has a CVSS score of 6. 4 (medium severity). No official patch or remediation guidance is currently available from the vendor, and no known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The GreenShift WordPress plugin contains a stored XSS vulnerability due to unsafe string replacement in the gspb_greenShift_block_script_assets() function. This function attempts to insert 'fetchpriority="high"' before 'src=' attributes in HTML but does so by applying str_replace() on the entire HTML string without proper parsing. This allows attackers with contributor-level privileges to inject crafted attribute values containing 'src=' substrings, breaking out of attribute contexts and enabling injection of malicious JavaScript event handlers. The vulnerability affects all versions up to and including 12.8.9. No vendor patch or official remediation has been published as of the data provided.
Potential Impact
An attacker with contributor-level access or higher can inject arbitrary JavaScript into pages generated by the plugin, leading to stored cross-site scripting. This can result in script execution in the context of users viewing the compromised pages, potentially enabling session hijacking, defacement, or other client-side attacks. The vulnerability does not affect availability and requires authenticated access, but it impacts confidentiality and integrity of user sessions and data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict contributor-level access to trusted users only and consider disabling or removing the affected plugin if possible. Monitor vendor channels for updates and apply patches promptly once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-03-26T14:07:20.492Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d9a5741cc7ad14da144120
Added to database: 4/11/2026, 1:35:48 AM
Last enriched: 4/11/2026, 1:51:15 AM
Last updated: 4/11/2026, 2:56:54 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.