Vulnerabilities and security researches fornelio-ab-testing nelio-ab-testing

Jun 06, 2024

CVE, Research URL: CVE-2016-10977
Home page URL: Security reports for Nelio AB Testing
Application: Nelio AB Testing
Date: Sep 17, 2019
Research Description: The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.
Affected versions: max 4.5.0.
Status: vulnerable

CVE, Research URL: CVE-2016-10926
Home page URL: Security reports for Nelio AB Testing
Application: Nelio AB Testing
Date: Aug 22, 2019
Research Description: The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
Affected versions: max 4.5.9.
Status: vulnerable

CVE, Research URL: CVE-2016-10927
Home page URL: Security reports for Nelio AB Testing
Application: Nelio AB Testing
Date: Aug 22, 2019
Research Description: The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
Affected versions: max 4.5.11.
Status: vulnerable

CVE, Research URL: CVE-2017-18547
Home page URL: Security reports for Nelio AB Testing
Application: Nelio AB Testing
Date: Aug 17, 2019
Research Description: The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
Affected versions: max 4.5.9.
Status: vulnerable

Jan 27, 2026

CVE, Research URL: CVE-2025-67944
Home page URL: Security reports for Nelio AB Testing
Application: Nelio AB Testing
Date: Jan 22, 2026
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.1.8.
Affected versions: max 8.1.8.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2026-25378
Home page URL: Security reports for Nelio AB Testing
Application: Nelio AB Testing
Date: Feb 19, 2026
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.
Affected versions: max 8.2.4.
Status: vulnerable