{"uuid": "ff40a3c3-4596-4bad-a1b1-63ce1468b296", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3616", "type": "seen", "source": "https://t.me/cvedetector/23483", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3616 - Greenshift WordPress Animation and Page Builder Blocks Unvalidated File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3616 \nPublished : April 22, 2025, 5:15 a.m. | 36\u00a0minutes ago \nDescription : The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T08:22:15.000000Z"}