
Critical Vulnerability in WordPress Greenshift Plugin Puts Entire Websites at Risk
In today’s digital landscape, website security has become more critical than ever. Many site owners rely on plugins to enhance design and expand functionality. However, these very extensions can sometimes open the door to significant security risks. A recently discovered critical vulnerability in the Greenshift – Animation and Page Builder Blocks plugin for WordPress is a stark reminder of this reality.
Identified as CVE-2025-3616, this high-severity vulnerability affects Greenshift plugin versions from 11.4 to 11.4.5. It enables attackers to upload malicious files, potentially leading to complete control over a website.
The issue stems from the gspb_make_proxy_api_request() function, introduced in version 11.4. This function allows users to upload files but lacks sufficient security checks. As a result, attackers can bypass MIME type validation and upload malicious PHP files.
These files are stored in the publicly accessible /wp-content/uploads/api_upload/ directory, where they can be executed by the server, enabling Remote Code Execution (RCE).
Potential Consequences:
- Complete takeover of the website.
- Theft of sensitive data or website defacement.
- Attacks on other users through malicious script injection.
- Installation of backdoors for persistent system access.
- Privilege escalation from basic user access to full administrative control.
This threat has been rated 8.8 on the CVSS scale, marking it as a high-risk vulnerability.
Affected and Fixed Versions:
🛑 Affected Versions:
- Greenshift – Animation and Page Builder Blocks, versions 11.4 to 11.4.5
✅ Fixed Version:
- Greenshift 11.4.6 and higher
Recommended Actions:
- Update the plugin to the latest version (11.4.6 or higher).
- Check the /wp-content/uploads/api_upload/ directory for suspicious files.
- Review WordPress user permissions and adhere to the principle of least privilege.
- Strengthen your site’s security with antivirus software and a Web Application Firewall (WAF).
- Notify your technical team or hosting provider about the threat if necessary.
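An added example (not part of the original advisory or the plugin's code) for the directory check recommended above: a Python audit that flags files under /wp-content/uploads/api_upload/ carrying a PHP extension anywhere in the name or a PHP opening tag in their content. The extension list, the 1 MiB read limit and the sample files are assumptions constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumption: extensions commonly mapped to the PHP handler; match your server config.
PHP_EXTS = {".php", ".phtml", ".phar", ".pht", ".php3", ".php4", ".php5", ".php7", ".php8"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def audit_upload_dir(root):
    """Return sorted (relative_path, reasons) for files that look like PHP."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        reasons = []
        # Check every suffix so a name like "img.php.jpg" is caught too.
        if any(s.lower() in PHP_EXTS for s in path.suffixes):
            reasons.append("php-extension")
        try:
            with path.open("rb") as fh:
                if PHP_TAG.search(fh.read(1 << 20)):  # first 1 MiB only
                    reasons.append("php-open-tag")
        except OSError:
            reasons.append("unreadable")
        if reasons:
            findings.append((str(path.relative_to(root)), reasons))
    return sorted(findings)


def demo():
    """Run the audit over a constructed sample tree (not real attacker files)."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n constructed image bytes",
        "report.php": b"<?php echo 'constructed sample'; ?>",
        "banner.php.jpg": b"\xff\xd8\xff constructed jpeg bytes",
        "avatar.gif": b"GIF89a <?php /* constructed polyglot */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return audit_upload_dir(root)


if __name__ == "__main__":
    for rel, why in (audit_upload_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(f"{rel}: {', '.join(why)}")
```

Pass the full path of the api_upload directory as the first argument to audit a real site; with no argument the script runs over the constructed samples.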
Plugins enhance functionality and elevate design, but their vulnerabilities can put entire systems at risk. The Greenshift vulnerability is a prime example, serving as a wake-up call for many.
Remember: regular updates and vigilant oversight are the strongest shields in modern cybersecurity.
🔒 Update your systems today to protect them tomorrow.