PT-2025-17473 · WordPress · The Greenshift

Michael Mazzolini

·

Published

2025-04-21

·

Updated

2025-04-25

·

CVE-2025-3616

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Greenshift – animation and page builder blocks plugin for WordPress, versions 11.4 through 11.4.5

Description

The Greenshift plugin is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function. This allows authenticated attackers with Subscriber-level access and above to upload arbitrary files to the affected site's server, potentially enabling remote code execution. Over 50,000 WordPress sites are estimated to be at risk. The issue was sufficiently patched in version 11.4.5, and a capability check was added in version 11.4.6 to prevent unauthorized limited file uploads.

Recommendations

To resolve the issue for versions 11.4 through 11.4.5, update to version 11.4.6 or later. As a temporary workaround, consider disabling the gspb_make_proxy_api_request() function until a patch is available. Restrict access to the vulnerable plugin to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved.
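The two controls the description names as missing, a capability check and file type validation, shown in a hypothetical hardened WordPress REST handler that proxies a remote fetch into the uploads directory. This is an added example, not Greenshift's code; the route name, function name and parameters are assumptions.

```php
<?php
// Added example (not Greenshift's code): hypothetical proxy-fetch endpoint that
// applies a capability check and validates the fetched bytes before writing.
require_once ABSPATH . 'wp-admin/includes/file.php'; // wp_tempnam(), wp_upload_bits()

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/proxy-fetch', array(
        'methods'  => 'POST',
        'callback' => 'example_proxy_fetch',
        // Capability check: Subscribers do not hold 'upload_files', so the
        // handler is never reached for them.
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
        'args' => array(
            'url' => array( 'required' => true, 'sanitize_callback' => 'esc_url_raw' ),
        ),
    ) );
} );

function example_proxy_fetch( WP_REST_Request $request ) {
    $url      = $request->get_param( 'url' );
    $response = wp_safe_remote_get( $url, array( 'timeout' => 10 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error( 'fetch_failed', 'Remote fetch failed', array( 'status' => 502 ) );
    }

    // Stage the body in a temp file so the real content is sniffed, not just the name.
    $filename = sanitize_file_name( basename( (string) wp_parse_url( $url, PHP_URL_PATH ) ) );
    $tmp      = wp_tempnam( $filename );
    file_put_contents( $tmp, wp_remote_retrieve_body( $response ) );

    // File type validation: extension and sniffed MIME type must both resolve to
    // an allowed type; unknown types and extension/content mismatches are rejected.
    $check = wp_check_filetype_and_ext( $tmp, $filename, get_allowed_mime_types() );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        @unlink( $tmp );
        return new WP_Error( 'bad_type', 'File type not allowed', array( 'status' => 415 ) );
    }
    if ( ! empty( $check['proper_filename'] ) ) {
        $filename = $check['proper_filename']; // core corrected the extension
    }

    $saved = wp_upload_bits( $filename, null, file_get_contents( $tmp ) );
    @unlink( $tmp );
    if ( ! empty( $saved['error'] ) ) {
        return new WP_Error( 'save_failed', $saved['error'], array( 'status' => 500 ) );
    }
    return rest_ensure_response( array( 'url' => $saved['url'] ) );
}
```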

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-3616

Affected Products

The Greenshift