Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Wpsoul — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting Wpsoul. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpsoul primarily develops WordPress plugins and themes, focusing on e-commerce solutions and content management enhancements. Its extensive portfolio has resulted in twenty-two recorded Common Vulnerabilities and Exposures, highlighting significant security gaps in its development lifecycle. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls within plugin code. Notable incidents include critical remote code execution flaws that allowed attackers to fully compromise affected websites, leading to data breaches and defacement. The recurring nature of these issues suggests systemic weaknesses in code review processes and dependency management. Consequently, administrators are advised to prioritize regular updates and implement strict security monitoring to mitigate the high risk associated with these widely deployed but vulnerable components.

Top products by Wpsoul: Greenshift – animation and page builder blocks Greenshift Table Maker Greenshift Query and Meta Addon Greenshift Woocommerce Addon GreenCon
CVE IDTitleCVSSSeverityPublished
CVE-2026-4895 Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute — Greenshift – animation and page builder blocksCWE-79 6.4 Medium2026-04-11
CVE-2026-2371 Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' — Greenshift – animation and page builder blocksCWE-862 5.3 Medium2026-03-06
CVE-2026-2589 Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup — Greenshift – animation and page builder blocksCWE-200 5.3 Medium2026-03-05
CVE-2026-2593 Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Greenshift – animation and page builder blocksCWE-79 6.4 Medium2026-03-05
CVE-2026-1927 GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css — Greenshift – animation and page builder blocksCWE-862 5.4 Medium2026-02-05
CVE-2025-11841 Greenshift – animation and page builder blocks <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes — Greenshift – animation and page builder blocksCWE-79 6.4 Medium2025-11-04
CVE-2025-57884 WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability — GreenshiftCWE-862 4.3 Medium2025-08-22
CVE-2025-49301 WordPress Greenshift plugin <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability — GreenshiftCWE-79 6.5 Medium2025-06-06
CVE-2025-3616 Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload — Greenshift – animation and page builder blocksCWE-434 8.8 High2025-04-22
CVE-2025-30873 WordPress Greenshift plugin <= 11.0.2 - Cross Site Scripting (XSS) vulnerability — GreenshiftCWE-79 6.5 Medium2025-03-27
CVE-2025-26884 WordPress Greenshift plugin <= 10.8 - Cross Site Scripting (XSS) vulnerability — GreenshiftCWE-79 6.5 Medium2025-02-25
CVE-2024-6155 Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting — Greenshift – animation and page builder blocksCWE-862 6.4 Medium2025-01-09
CVE-2024-11181 Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure — Greenshift – animation and page builder blocksCWE-639 4.3 Medium2024-12-12
CVE-2024-51926 WordPress GreenCon plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability — GreenConCWE-79 6.5 Medium2024-11-19
CVE-2024-50419 WordPress Greenshift plugin <=9.7 - Broken Access Control vulnerability — GreenshiftCWE-863 5.4 Medium2024-10-30
CVE-2024-44005 WordPress Greenshift plugin <= 9.3.7 - Cross Site Scripting (XSS) vulnerability — GreenshiftCWE-79 6.5 Medium2024-09-17
CVE-2024-43943 WordPress Greenshift Woocommerce Addon plugin < 1.9.8 - Subscriber+ SQL Injection vulnerability — Greenshift Woocommerce AddonCWE-89 8.5 High2024-08-29
CVE-2024-43942 WordPress Greenshift Query and Meta Addon plugin < 3.9.2 - Subscriber+ SQL Injection vulnerability — Greenshift Query and Meta AddonCWE-89 8.5 High2024-08-29
CVE-2024-35765 WordPress Greenshift – animation and page builder blocks plugin <= 8.8.9.1 - Cross Site Scripting (XSS) vulnerability — Greenshift – animation and page builder blocksCWE-79 6.5 Medium2024-06-19
CVE-2024-34574 WordPress Table Maker plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability — Table MakerCWE-79 5.9 Medium2024-05-08
CVE-2023-6636 Greenshift – animation and page builder blocks <= 7.6.2 - Authenticated (Administrator+) Arbitrary File Upload — Greenshift – animation and page builder blocksCWE-434 7.2 High2024-01-11
CVE-2023-22707 WordPress Greenshift – animation and page builder blocks Plugin <= 4.9.9 is vulnerable to Cross Site Scripting (XSS) — Greenshift – animation and page builder blocksCWE-79 5.9 Medium2023-03-27

This page lists every published CVE security advisory associated with Wpsoul. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.