Greenshift – animation and page builder blocks

Vulnerabilities 25Slug greenshift-animation-and-page-builder-blocksLatest version 12.9.6WordPress.org →

Minimum safe version

12.9.0

Update to 12.9.0 or later to address 25 fixable vulnerabilities

Latest available12.9.6 ✓

N/A

2026-02-05< 12.6.1

GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css

Wordfence CVE

N/A

2026-03-05< 12.8.4

Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup

Wordfence CVE

N/A

2026-03-05< 12.8.6

Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence CVE

N/A

2026-03-06< 12.8.4

Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'

Wordfence CVE

Medium 6.4

2026-04-11< 12.9.0

Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute

EUVD Wordfence CVE

Medium 6.4

2025-11-04< 12.2.8

CVE-2025-11841

CVE Wordfence

Medium 4.3

2025-08-22< 12.1.2

CVE-2025-57884

CVE Wordfence EUVD

Medium 6.5

2025-06-06< 11.5.7

CVE-2025-49301

CVE EUVD Wordfence

High 8.8

2025-04-21< 11.4.6

Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload

Wordfence CVE

Medium 5.4

2025-03-27< 11.1

CVE-2025-30873

CVE Wordfence EUVD

Medium 6.5

2025-02-25< 10.9

CVE-2025-26884

CVE EUVD Wordfence

Medium 5.4

2025-01-08< 9.0.1

Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting

Wordfence CVE

Medium 4.3

2024-12-12< 9.9.9.4

CVE-2024-11181

CVE Patchstack Wordfence

Medium 6.3

2024-10-16< 1.1.6

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

Medium 5.4

2024-10-30< 9.8

CVE-2024-50419