CVE-2026-1927

Name of the Vulnerable Software and Affected Versions Greenshift – animation and page builder blocks plugin for WordPress versions through 12.5.7

Description The plugin is susceptible to unauthorized data access because of a missing capability check within the greenshift app pass validation() function. Attackers with Subscriber-level access or higher can retrieve global plugin settings, including stored AI API keys.

Recommendations Update to a version beyond 12.5.7.