CVE-2023-6636

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpsoul:greenshift:*:*:*:*:*:wordpress:*:*

History

10 Jun 2025, 11:44

Type Values Removed Values Added
First Time Wpsoul greenshift
Wpsoul
CPE cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:* cpe:2.3:a:wpsoul:greenshift:*:*:*:*:*:wordpress:*:*

21 Nov 2024, 08:44

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php?rev=3006373#L867 - Patch () https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php?rev=3006373#L867 - Patch
References () https://plugins.trac.wordpress.org/changeset/3009030/greenshift-animation-and-page-builder-blocks/trunk/settings.php - Patch () https://plugins.trac.wordpress.org/changeset/3009030/greenshift-animation-and-page-builder-blocks/trunk/settings.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/821462d6-970e-4e3e-b91d-e7153296ba9f?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/821462d6-970e-4e3e-b91d-e7153296ba9f?source=cve - Third Party Advisory

17 Jan 2024, 21:20

Type Values Removed Values Added
CPE cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:*
References () https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php?rev=3006373#L867 - () https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php?rev=3006373#L867 - Patch
References () https://plugins.trac.wordpress.org/changeset/3009030/greenshift-animation-and-page-builder-blocks/trunk/settings.php - () https://plugins.trac.wordpress.org/changeset/3009030/greenshift-animation-and-page-builder-blocks/trunk/settings.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/821462d6-970e-4e3e-b91d-e7153296ba9f?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/821462d6-970e-4e3e-b91d-e7153296ba9f?source=cve - Third Party Advisory
First Time Greenshiftwp
Greenshiftwp greenshift - Animation And Page Builder Blocks
CWE CWE-434

11 Jan 2024, 13:57

Type Values Removed Values Added
Summary
  • (es) El complemento Greenshift – animation and page builder blocks para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo en la función 'gspb_save_files' en versiones hasta la 7.6.2 incluida. Esto hace posible que atacantes autenticados con capacidades de nivel de administrador o superior carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código.

11 Jan 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-11 09:15

Updated : 2025-06-10 11:44


NVD link : CVE-2023-6636

Mitre link : CVE-2023-6636

CVE.ORG link : CVE-2023-6636


JSON object : View

Products Affected

wpsoul

  • greenshift
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type