Greenshift – animation and page builder blocks < 9.9.9.4 – Authenticated (Contributor+) Post Disclosure | CVE 2024-11181 | Plugin Vulnerabilities

Description

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

Affects Plugins

greenshift-animation-and-page-builder-blocks

Fixed in 9.9.9.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/06047667-2a24-4e1c-9389-11daceff4d23

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Brian Sans-Souci (liardom)

Verified

No

WPVDB ID

5ab844e7-3d7d-4579-9423-ba9ce4313716

Timeline

Publicly Published

2024-12-11 (about 1 year ago)

Added

2024-12-11 (about 1 year ago)

Last Updated

2024-12-12 (about 1 year ago)

Other

Published

Title

Published

2021-05-16

Title

Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities

Published

2025-09-03

Title

wpForo Forum < 2.4.7 - Authenticated (Subscriber+) Insecure Direct Object Reference

Published

2026-04-10

Title

Tutor LMS < 3.9.8 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification

Published

2024-11-19

Title

Image Optimizer, Resizer and CDN – Sirv < 7.3.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion

Published

2024-12-03

Title

Dollie Hub – Build Your Own WordPress Cloud Platform < 6.2.1 - Authenticated (Contributor+) Post Disclosure