WordPress: Attackers can upload malicious code via Greenshift plug-in
Potentially 50,000 WordPress websites with the Greenshift plug-in are vulnerable to malicious code attacks.
(Image: Created with AI in Bing Designer by heise online / dmk)
The WordPress plug-in Greenshift is designed to make websites prettier and optimize mobile display. Under certain circumstances, however, attackers can exploit a security vulnerability in it and compromise websites. The developers have now closed the gap, although this took two security updates.
Malicious code attacks possible
Security researchers from Wordfence warn of the vulnerability (CVE-2025-3616, risk "high") in an article. Because the gspb_make_proxy_api_request() function does not sufficiently validate file types, authenticated attackers with subscriber-level access can exploit the vulnerability and upload malicious code via the upload function.
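To illustrate the class of defect described above (an upload handler that does not sufficiently validate file types), here is an added PHP example. It is not Greenshift's code and is not taken from the Wordfence write-up; it shows a generic WordPress upload handler that trusts the client-supplied file name, beside a hardened version. The function names example_weak_upload and example_hardened_upload and the image allowlist are assumptions; the WordPress APIs used (current_user_can, wp_check_filetype_and_ext, wp_handle_upload, wp_upload_dir) are real core functions.

```php
<?php
// Added illustration, not Greenshift code. Function names are hypothetical.
// Both functions expect one entry of the $_FILES array (name, tmp_name, type, size, error).

// Weak: no capability check, no allowlist, no content inspection.
// The file is written under wp-content/uploads, a directory served by the web server,
// using whatever name and extension the client sent.
function example_weak_upload( array $file ) {
    $upload_dir = wp_upload_dir();
    $target     = trailingslashit( $upload_dir['path'] ) . basename( $file['name'] );
    move_uploaded_file( $file['tmp_name'], $target );
    return $target;
}

// Hardened: require a real upload capability, restrict to an explicit allowlist,
// and let WordPress detect the type from the file contents rather than the name.
function example_hardened_upload( array $file ) {
    // Subscriber-level accounts do not hold 'upload_files', so they are rejected here.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient permissions.' );
    }

    // Allowlist (assumed for this example): only raster images are accepted.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'webp'     => 'image/webp',
    );

    // wp_check_filetype_and_ext() inspects the actual bytes (via finfo / image checks)
    // and returns empty ext/type when the content does not match an allowed type.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'invalid_type', 'File type not allowed.' );
    }

    // wp_handle_upload() sanitises the file name, re-applies the mime allowlist,
    // and moves the file into the uploads directory.
    $overrides = array(
        'test_form' => false,   // not submitted through a WordPress form
        'mimes'     => $allowed,
    );
    $result = wp_handle_upload( $file, $overrides );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'] );
    }
    return $result['file'];
}
```

The hardened version closes the three gaps a reviewer would look for in an upload path: who may call it (capability, not just authentication), which types are accepted (an explicit allowlist rather than a denylist), and whether the type is established from content rather than from the client-supplied name. In a real handler the request should additionally be tied to a nonce for its specific action.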
This affects Greenshift versions 11.4 up to and including 11.4.5. Version 11.4.5 had already been patched, but the security update was insufficient. Only in version 11.4.6 is the plug-in equipped against the described attack.
As can be seen from the description of the plug-in, it has more than 50,000 active installations. Even though there are no reports of ongoing attacks, web admins should react promptly and ensure that the latest version is installed.
Last week, it became known that a vulnerability in the WordPress plug-in Suretriggers puts around 100,000 websites on which the software is installed at risk. This vulnerability is already being attacked by criminals and actively abused to compromise WordPress instances.
(des)