CVE-2025-3616 – Greenshift WordPress Animation and Page Builder Blocks Unvalidated File Upload Vulnerability

April 22, 2025

CVE ID : CVE-2025-3616

Published : April 22, 2025, 5:15 a.m. | 37 minutes ago

Description : The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-46899 – Hitachi Ops Center Analyzer Viewpoint OVF Authentication Credentials Leakage Vulnerability

Next Article CVE-2025-1731 – “USG FLEX H series PostgreSQL Command Privilege Escalation Vulnerability”

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2025-3616 – Greenshift WordPress Animation and Page Builder Blocks Unvalidated File Upload Vulnerability

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Anthropic’s Evaluation of Chain-of-Thought Faithfulness: Investigating Hidden Reasoning, Reward Hacks, and the Limitations of Verbal AI Transparency in Reasoning Models

BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware

OpenAI used to test its AI models for months – now it’s days. Why that matters

CVE-2025-32814 – Infoblox NETMRI SQL Injection Vulnerability

Table Habit – establish and track your own micro habit

The no-nonsense approach to AI agent development

CVE-2025-2880 – Yame Link In Bio WordPress Sensitive Information Exposure

Cypress Automation: Tag-Based Parallel Execution with Custom Configuration

CVE-2025-3616 – Greenshift WordPress Animation and Page Builder Blocks Unvalidated File Upload Vulnerability

Related Posts