{"data":{"id":"03473e62-f016-4818-96a7-600e18da5b85","title":"CVE-2026-2589: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure ","summary":"The Greenshift plugin for WordPress (used to create animations and page builder blocks) has a vulnerability where automated backup files are stored in a publicly accessible location, allowing attackers to read sensitive API keys (for OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile) without needing to log in. This affects all versions up to 12.8.3.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-2589","publishedAt":"2026-03-06T00:16:14.070Z","cveId":"CVE-2026-2589","cweIds":["CWE-200"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI","Anthropic","Google"],"affectedVendorsRaw":["OpenAI","Claude (Anthropic)","Google Maps","Gemini","DeepSeek","Cloudflare Turnstile"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00029,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}