CVE-2026-2589
Received Received - Intake
Sensitive Information Exposure in Greenshift WordPress Plugin API Keys

Publication date: 2026-03-06

Last updated on: 2026-03-06

Assigner: Wordfence

Description
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2589
EUVD
EUVD-2026-9941
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
greenshift animation_and_page_builder_blocks to 12.8.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Greenshift – animation and page builder blocks plugin for WordPress has a vulnerability in all versions up to and including 12.8.3. This vulnerability involves Sensitive Information Exposure through an automated Settings Backup file that is publicly accessible.

Because the backup file is accessible without authentication, attackers can extract sensitive data such as configured API keys for OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile.

Impact Analysis

This vulnerability allows unauthenticated attackers to access sensitive API keys stored in the plugin's settings backup file.

  • Attackers could misuse these API keys to access or manipulate services linked to your WordPress site.
  • Exposure of these keys could lead to unauthorized use of third-party services, potential data leaks, or additional security breaches.
Compliance Impact

I don't know

Detection Guidance

This vulnerability involves sensitive information exposure through an automated Settings Backup stored in a publicly accessible file. Detection would involve checking for the presence of such backup files that may contain API keys.

A practical approach is to search your web server or WordPress installation directories for backup files related to the Greenshift plugin that might be publicly accessible.

  • Use commands like `find` on your server to locate backup files, for example: `find /path/to/wordpress/wp-content/plugins/greenshift-animation-and-page-builder-blocks/ -name '*backup*'`
  • Use `curl` or `wget` to attempt to access suspected backup files via HTTP to see if they are publicly accessible, e.g., `curl http://yourdomain.com/wp-content/plugins/greenshift-animation-and-page-builder-blocks/settings-backup.json`
  • Check your web server logs for unusual or unauthorized access attempts to backup files related to the Greenshift plugin.
Mitigation Strategies

The immediate mitigation step is to update the Greenshift plugin to version 12.8.4 or later, where this vulnerability has been addressed.

Additionally, restrict public access to any automated Settings Backup files by configuring your web server to deny access or moving these files outside the web root.

Review and rotate any exposed API keys (OpenAI, Claude, Google Maps, Gemini, DeepSeek, Cloudflare Turnstile) to prevent unauthorized use.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2589. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart