CVE-2025-3616 – Greenshift WordPress Animation and Page Builder Blocks Unvalidated File Upload Vulnerability

April 22, 2025

CVE ID : CVE-2025-3616

Published : April 22, 2025, 5:15 a.m. | 37 minutes ago

Description : The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-46899 – Hitachi Ops Center Analyzer Viewpoint OVF Authentication Credentials Leakage Vulnerability

Next Article CVE-2025-1731 – “USG FLEX H series PostgreSQL Command Privilege Escalation Vulnerability”

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2025-3616 – Greenshift WordPress Animation and Page Builder Blocks Unvalidated File Upload Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

CVE-2022-25868 – Apache HTTP Server Directory Traversal

CVE-2025-7765 – Code-projects Online Appointment Booking System SQL Injection

CVE-2025-3946 – Honeywell Experion PKS and OneWireless WDM Remote Code Execution via Input Data Manipulation

CVE-2025-6097 – UTT 进取 750W Remote Unverified Password Change Vulnerability

CVE-2025-5777 – Critical Citrix NetScaler Vulnerability

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

CVE-2025-4979 – GitLab Information Disclosure Vulnerability

Despite Microsoft’s ‘sneaky tactic,’ this discounted Surface Pro 11 costs the same as the Surface Pro 12-inch

CVE-2025-3616 – Greenshift WordPress Animation and Page Builder Blocks Unvalidated File Upload Vulnerability

Related Posts