Plugin Vulnerability Hub
Plugin | 7 known issues | Latest disclosed Mar 23, 2026

Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization Vulnerabilities

Review known vulnerability records for the WordPress plugin Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization (`nelio-ab-testing`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-32573, CVE-2026-25378 and CVE-2025-67944, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 7
High or Critical: 5
Patch Coverage: 100%
Last Updated: Apr 02, 2026

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 5 high severity findings.
Recent CVEs: CVE-2026-32573, CVE-2026-25378 and CVE-2025-67944
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: High | Patched: Yes | CVE-2026-32573
CVE-2026-32573: Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization <= 8.2.7 - Authenticated (Editor+) Remote Code Execution

The Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.2.7. This makes it possible for authenticated attackers, with Editor-level access and above, to exe...

Published: Mar 23, 2026
Patched Release: 8.2.8
Affected Versions: Versions up to 8.2.7
Next Step: Update to 8.2.8 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2026-25378
CVE-2026-25378: Nelio AB Testing <= 8.2.4 - Authenticated (Editor+) SQL Injection

The Nelio AB Testing plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated atta...

Published: Feb 19, 2026
Patched Release: 8.2.5
Affected Versions: Versions up to 8.2.4
Next Step: Update to 8.2.5 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2025-67944
CVE-2025-67944: Nelio AB Testing <= 8.1.8 - Authenticated (Editor+) Remote Code Execution

The Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.1.8. This makes it possible for authenticated attackers, with Editor-level access and above, to exe...

Published: Jan 20, 2026
Patched Release: 8.2.0
Affected Versions: Versions up to 8.1.8
Next Step: Update to 8.2.0 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2017-18547
CVE-2017-18547: Nelio AB Testing < 4.6.4 - Cross-Site Request Forgery

The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.

Published: May 11, 2017
Patched Release: 4.6.4
Affected Versions: Versions before 4.6.4
Next Step: Update to 4.6.4 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2016-10927
CVE-2016-10927: Nelio AB Testing < 4.5.11 - Server-Side Request Forgery

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

Published: Dec 29, 2016
Patched Release: 4.5.11
Affected Versions: Versions before 4.5.11
Next Step: Update to 4.5.11 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2016-10926
CVE-2016-10926: Nelio AB Testing < 4.5.9 - Server Side Request Forgery

The Nelio AB Testing plugin for WordPress is vulnerable to Server Side Request Forgery in versions up to, and including, 4.5.8 via the 'ajax/iesupport.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted information from the vulnerable serv...

Published: Dec 08, 2016
Patched Release: 4.5.9
Affected Versions: Versions up to 4.5.8
Next Step: Update to 4.5.9 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2016-10977
CVE-2016-10977: Nelio AB Testing < 4.5.0 - Directory Traversal

The Nelio AB Testing plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.4.4 via the 'filename' parameter. This allows authenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Published: May 10, 2016
Patched Release: 4.5.0
Affected Versions: Versions up to 4.4.4
Next Step: Update to 4.5.0 or newer if supported.