CVE-2026-2589

MEDIUM
Published March 6, 2026
CISO Take

Any internet-facing WordPress site running Greenshift 12.8.3 or earlier with AI provider integrations configured is exposing those API keys to unauthenticated readers right now. Rotate every key the plugin stores (OpenAI, Anthropic/Claude, Gemini, DeepSeek, plus Google Maps and Cloudflare Turnstile) immediately, then update to 12.8.4 or later; updating alone does not invalidate keys that have already been copied. Check each provider's billing dashboard for anomalous usage, which would indicate the keys have already been harvested.

Severity & Risk

CVSS 3.1
5.3 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
Advanced

Recommended Action

  IMMEDIATE (0-24h):
  1) Rotate every API key configured in Greenshift (OpenAI, Claude, Gemini, DeepSeek, Google Maps, Cloudflare Turnstile). Assume compromise if the site was reachable from the internet while running a vulnerable version; the read requires no authentication.
  2) Update Greenshift to version 12.8.4 or later (fix in changeset 3465111). Updating stops future disclosure but does not revoke keys already read, so it does not replace step 1.
  3) Check the AI provider dashboards (OpenAI, Anthropic, Google AI Studio, DeepSeek) for unauthorized usage going back to the plugin installation date, not only to the advisory date.
  SHORT-TERM (24-72h):
  4) Audit web server access logs for requests to the backup file path (typically under wp-content or the plugin directory). Because disclosure is a plain GET, a 200 response to that path from an unknown client is confirmation that keys left the server, not merely an attempt.
  5) Configure web server rules (nginx/Apache) to block direct access to plugin backup files. This is a stop-gap: the file remains on disk, so it complements, and does not replace, patching and key rotation.
  6) Enumerate all WordPress deployments in your estate for Greenshift installations and their versions; inactive installs may still have the backup file on disk.
  DETECTION:
  Alert on AI API usage spikes or calls from unexpected IPs, and set API key usage alerts in the provider consoles. Add a Wordfence or equivalent WAF rule to block backup file access.
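The fleet enumeration (step 6) and access-log audit (step 4) above are the two parts of this procedure that are easy to get subtly wrong (string comparison of versions, counting 404 probes as leaks). The following Python is an added example written for this advisory; it is not code from the Greenshift project. It assumes that per-site inventory comes from `wp plugin list --format=json`, that the plugin's slug is `greenshift-animation-and-page-builder-blocks`, and, since the page does not name the backup file, that the log audit takes a caller-supplied path pattern; the `BACKUP_PATH_RE` placeholder should be replaced once the real file name is confirmed from the vendor's fix. All sample inventory and log lines are constructed.

```python
"""Fleet triage for CVE-2026-2589: find unpatched Greenshift installs and
audit web server access logs for reads of the exposed settings backup.

Added example for this advisory; not code from the Greenshift project.
Assumptions (not stated on the advisory page):
  * per-site inventory is the JSON printed by `wp plugin list --format=json`,
  * the plugin's wordpress.org slug is "greenshift-animation-and-page-builder-blocks",
  * the backup file name is not given, so BACKUP_PATH_RE is a placeholder to
    adjust once the real file name is confirmed from the vendor's fix.
"""
import json
import re

FIXED_VERSION = (12, 8, 4)          # first fixed release per the advisory
PLUGIN_SLUG = "greenshift-animation-and-page-builder-blocks"  # assumed slug
BACKUP_PATH_RE = re.compile(r"greenshift.*backup", re.IGNORECASE)  # placeholder pattern

# Apache/nginx "combined" log format; referer and user-agent fields are optional.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)


def parse_version(text):
    """'12.8.3' -> (12, 8, 3); a trailing tag such as '-beta1' is ignored.
    Numeric tuples avoid the classic '12.10' < '12.9' string-compare bug."""
    nums = []
    for piece in re.split(r"[.\-]", text.strip()):
        m = re.match(r"\d+", piece)
        if not m:
            break
        nums.append(int(m.group()))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3])


def vulnerable_sites(inventory):
    """inventory: {site: wp-cli JSON string}. Returns [(site, version)] for every
    site whose Greenshift is below the fixed version. Inactive installs are
    reported too, because the backup file may already be on disk."""
    found = []
    for site, raw in inventory.items():
        for plugin in json.loads(raw):
            if plugin.get("name") == PLUGIN_SLUG and parse_version(plugin["version"]) < FIXED_VERSION:
                found.append((site, plugin["version"]))
    return found


def audit_access_log(lines, path_re=BACKUP_PATH_RE):
    """Split backup-file requests into 'served' (HTTP 200: keys left the box)
    and 'probed' (any other status: an attempt without disclosure)."""
    served, probed = [], []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not path_re.search(m["path"]):
            continue
        hit = {"ip": m["ip"], "ts": m["ts"], "path": m["path"], "ua": m["ua"] or ""}
        (served if m["status"] == "200" else probed).append(hit)
    return {"served": served, "probed": probed}


# Constructed sample data (not real sites or logs).
SAMPLE_INVENTORY = {
    "https://shop.example": json.dumps([
        {"name": PLUGIN_SLUG, "status": "active", "update": "available", "version": "12.8.3"},
        {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    ]),
    "https://blog.example": json.dumps([
        {"name": PLUGIN_SLUG, "status": "inactive", "update": "available", "version": "12.7.1"},
    ]),
    "https://docs.example": json.dumps([
        {"name": PLUGIN_SLUG, "status": "active", "update": "none", "version": "12.8.4"},
    ]),
    "https://plain.example": json.dumps([
        {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    ]),
}

SAMPLE_LOG = [
    '203.0.113.7 - - [06/Mar/2026:10:12:01 +0000] "GET /wp-content/uploads/greenshift-settings-backup.json HTTP/1.1" 200 2311 "-" "python-requests/2.31"',
    '198.51.100.22 - - [06/Mar/2026:10:12:05 +0000] "GET /wp-content/uploads/greenshift-settings-backup.json HTTP/1.1" 404 196 "-" "curl/8.5.0"',
    '192.0.2.9 - - [06/Mar/2026:10:13:40 +0000] "GET /about/ HTTP/1.1" 200 8124 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [06/Mar/2026:10:13:41 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 43 "https://shop.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for site, ver in vulnerable_sites(SAMPLE_INVENTORY):
        print(f"UPDATE + ROTATE KEYS: {site} runs Greenshift {ver}")
    report = audit_access_log(SAMPLE_LOG)
    for hit in report["served"]:
        print(f"KEYS SERVED to {hit['ip']} at {hit['ts']} ({hit['ua']})")
    for hit in report["probed"]:
        print(f"probe from {hit['ip']} at {hit['ts']} ({hit['ua']})")
```

In practice, feed `vulnerable_sites` the output of `wp plugin list --format=json` collected from each host, and `audit_access_log` the raw access log lines; any entry in `served` means the keys for that site must be treated as compromised regardless of what the provider dashboards show.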

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act
Art. 9 - Risk management system
ISO 42001
A.6.2 - AI system security
A.7.4 - AI system resource protection
A.9.4 - Protection of AI system data
NIST AI RMF
GOVERN-6.1 - Policies and procedures for AI lifecycle data security
MANAGE-2.2 - Risk response plans for AI-specific risks
PROTECT-2.2 - Mechanisms to sustain AI system trustworthiness and security
OWASP LLM Top 10
LLM02:2025 - Sensitive Information Disclosure
LLM10:2025 - Unbounded Consumption

Technical Details

NVD Description

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys.

Exploitation Scenario

An attacker uses Shodan/Censys or an automated WordPress scanner to identify sites running the Greenshift plugin. A single unauthenticated GET request to the predictable backup file path returns the settings backup (a JSON/config file) containing plaintext API keys for every configured provider. The keys are fed to an automated harvesting pipeline: OpenAI and Claude keys are tested for validity and remaining credit, and high-value keys are resold or used for bulk inference (jailbroken content generation, large-scale embedding extraction, or synthetic training data). DeepSeek keys are also worth collecting, since their low per-token cost makes them attractive for high-volume abuse. The whole operation is scriptable and silent from WordPress's point of view: nothing is written to the WordPress database or plugin logs, and the only artifact on the victim side is a single GET in the web server access log.

Weaknesses (CWE)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Timeline

Published
March 6, 2026
Last Modified
March 9, 2026
First Seen
March 6, 2026