CVE-2026-2589
Sensitive Information Exposure in Greenshift WordPress Plugin API Keys
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| greenshift | animation_and_page_builder_blocks | up to and including 12.8.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Greenshift – animation and page builder blocks plugin for WordPress, in all versions up to and including 12.8.3, exposes sensitive information through an automated Settings Backup file that the plugin writes to a publicly accessible location.
Because the backup file can be fetched without authentication, an unauthenticated attacker can read the API keys the site owner has configured in the plugin for OpenAI, Claude, Google Maps, Gemini, DeepSeek and Cloudflare Turnstile.
How can this vulnerability impact me?
This vulnerability allows unauthenticated attackers to access sensitive API keys stored in the plugin's settings backup file.
- Attackers could use the exposed keys to call the linked third-party services as your site, running up usage charges on your accounts and reaching any data those services hold for you.
- A leaked key is a reusable credential: it remains valid until you revoke it, so exposure can lead to unauthorized use of the service, data leaks, and follow-on compromise long after the plugin itself is patched.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability exposes sensitive information through an automated Settings Backup that the plugin stores in a publicly accessible file. The advisory does not name the file or its exact location, so detection comes down to finding backup-like files the plugin has written under the web root and confirming whether the web server serves them to an anonymous client.
A practical approach is to search the WordPress installation for backup files related to the Greenshift plugin, both in the plugin's own directory and in other writable locations such as wp-content/uploads, and then to request each candidate over HTTP as an unauthenticated user.
- Use `find` on the server to locate candidate files, for example: `find /path/to/wordpress/wp-content -type f -iname '*backup*'` (the path is a placeholder; widen or narrow it to match your layout).
- Use `curl` or `wget` to request each suspected file over HTTP and check both the status code and whether the body contains key-like strings, e.g., `curl -s -o /dev/null -w '%{http_code}\n' https://yourdomain.com/wp-content/plugins/greenshift-animation-and-page-builder-blocks/settings-backup.json` (the filename here is illustrative, not taken from the advisory). A 200 response for a file holding API keys confirms the exposure.
- Check the web server access logs for requests to backup-named paths under wp-content that returned 200, particularly from unfamiliar clients or command-line user agents; a successful fetch before you patched means the keys should be treated as already stolen.
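The following Python script is an added example and is not part of the advisory or of the Greenshift plugin. It automates the three checks above against a local copy of a WordPress document root: it finds backup-named files under wp-content, looks inside them for strings shaped like the API keys named in the advisory, computes the URL at which each file would be served if the web server does not block it, and flags successful fetches of such paths in an access log. The key prefixes (`sk-` for OpenAI, `sk-ant-` for Anthropic/Claude, `AIza` for Google Maps and Gemini), the scanned subdirectories, the `settings-backup.json` filename and the log lines are all assumptions or constructed sample data, not facts from the page.

```python
"""Find publicly served plugin backup files that contain API keys, and spot
fetches of them in access logs. Added example; not the plugin's own code."""
import json
import re
import tempfile
from pathlib import Path

# Assumed key shapes (not from the advisory): OpenAI keys begin "sk-",
# Anthropic/Claude keys "sk-ant-", Google Maps and Gemini keys "AIza".
KEY_PATTERNS = {
    "anthropic": re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}"),
    "openai": re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_-]{20,}"),
    "google": re.compile(r"\bAIza[A-Za-z0-9_-]{30,}"),
}
BACKUP_NAME = re.compile(r"backup", re.IGNORECASE)
# Where a plugin typically writes generated files; assumption, not from the page.
SCAN_SUBDIRS = ("wp-content/plugins", "wp-content/uploads")
# Apache/nginx combined log format: client, method, path, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_backup_files(docroot):
    """Yield regular files under the scanned subdirs whose name contains 'backup'."""
    root = Path(docroot)
    for sub in SCAN_SUBDIRS:
        base = root / sub
        if base.is_dir():
            for path in base.rglob("*"):
                if path.is_file() and BACKUP_NAME.search(path.name):
                    yield path


def keys_in_file(path, max_bytes=1 << 20):
    """Return {provider: [key strings]} for key-shaped tokens in the file."""
    text = Path(path).read_bytes()[:max_bytes].decode("utf-8", "replace")
    return {p: sorted(set(pat.findall(text)))
            for p, pat in KEY_PATTERNS.items() if pat.search(text)}


def public_url(docroot, path, base_url):
    """URL the file is served at if the web server does not deny it."""
    rel = Path(path).relative_to(Path(docroot)).as_posix()
    return base_url.rstrip("/") + "/" + rel


def scan(docroot, base_url):
    """Return [(url, {provider: [redacted keys]})] for backup files holding keys."""
    findings = []
    for path in find_backup_files(docroot):
        keys = keys_in_file(path)
        if keys:  # redact so the report itself does not leak the secret
            redacted = {p: [k[:8] + "..." for k in ks] for p, ks in keys.items()}
            findings.append((public_url(docroot, path, base_url), redacted))
    return findings


def backup_hits_in_log(lines):
    """Return (client, path) for requests to backup-named paths answered 200."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            client, _method, path, status = m.groups()
            if status == "200" and BACKUP_NAME.search(path):
                hits.append((client, path))
    return hits


def demo():
    """Build a constructed site in a temp dir and run both checks on it."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin_dir = Path(tmp, "wp-content/plugins/greenshift-animation-and-page-builder-blocks")
        plugin_dir.mkdir(parents=True)
        # Constructed sample backup: filename and key values are made up.
        (plugin_dir / "settings-backup.json").write_text(json.dumps({
            "openai_key": "sk-" + "A" * 40,
            "gmaps_key": "AIza" + "B" * 35,
        }))
        (plugin_dir / "readme.txt").write_text("no secrets here")
        findings = scan(tmp, "https://example.com")
    # Constructed access-log lines: one successful fetch of the backup, one
    # unrelated request, one 404 for a backup path that does not exist.
    sample_log = [
        '203.0.113.7 - - [06/Mar/2026:10:00:00 +0000] "GET /wp-content/plugins/'
        'greenshift-animation-and-page-builder-blocks/settings-backup.json HTTP/1.1" 200 512 "-" "curl/8.0"',
        '203.0.113.7 - - [06/Mar/2026:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1024 "-" "curl/8.0"',
        '198.51.100.2 - - [06/Mar/2026:10:01:00 +0000] "GET /wp-content/uploads/old-backup.zip HTTP/1.1" 404 200 "-" "Mozilla/5.0"',
    ]
    return findings, backup_hits_in_log(sample_log)


if __name__ == "__main__":
    found, hits = demo()
    for url, keys in found:
        print("EXPOSED", url, keys)
    for client, path in hits:
        print("FETCHED", client, path)
```

Run `scan("/var/www/html", "https://yourdomain.com")` against the real document root and `backup_hits_in_log(open("/var/log/nginx/access.log"))` against the real log; a finding from `scan` tells you what to `curl`, and a hit from the log tells you the key in that file must be rotated regardless of whether the server blocks the path today.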
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Greenshift plugin to version 12.8.4 or later, where this vulnerability has been addressed.
Additionally, until the update is applied, restrict public access to any automated Settings Backup files by configuring the web server to deny requests for them, or by moving them outside the web root; afterwards, confirm with an unauthenticated `curl` that the file now returns a 403 or 404.
Treat every API key stored in the plugin (OpenAI, Claude, Google Maps, Gemini, DeepSeek, Cloudflare Turnstile) as compromised: revoke and reissue each one at the provider, then enter the new key in the plugin settings. Patching alone does not help if the file was already fetched, and the access logs cannot prove that it was not.