Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Nelio Software — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting Nelio Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nelio Software develops WordPress optimization and analytics plugins, helping website owners improve performance and user engagement. Historically, their products have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues. The company has accumulated 10 CVEs to date, with several critical RCE weaknesses allowing attackers to execute arbitrary code on affected servers. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their core functionality suggests potential risks for organizations using their plugins without proper hardening or timely updates.

Top products by Nelio Software: Nelio Content Nelio AB Testing Nelio Popups
CVE IDTitleCVSSSeverityPublished
CVE-2026-40742 WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability — Nelio AB TestingCWE-862 5.3 Medium2026-04-15
CVE-2026-39521 WordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerability — Nelio ContentCWE-918 4.9 Medium2026-04-08
CVE-2026-32573 WordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerability — Nelio AB TestingCWE-94 9.1 Critical2026-03-25
CVE-2026-25378 WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability — Nelio AB TestingCWE-89 7.6 High2026-02-19
CVE-2026-25016 WordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerability — Nelio PopupsCWE-862 4.3 Medium2026-02-03
CVE-2026-24572 WordPress Nelio Content plugin <= 4.2.0 - SQL Injection vulnerability — Nelio ContentCWE-89 8.5 High2026-01-23
CVE-2025-67944 WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability — Nelio AB TestingCWE-94 9.1 Critical2026-01-22
CVE-2025-66111 WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability — Nelio PopupsCWE-79 6.5 Medium2025-11-21
CVE-2025-62927 WordPress Nelio Content plugin <= 4.0.5 - Broken Access Control vulnerability — Nelio ContentCWE-862 6.5 Medium2025-10-27
CVE-2024-30531 WordPress Nelio Content plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability — Nelio ContentCWE-918 4.9 Medium2024-04-02

This page lists every published CVE security advisory associated with Nelio Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.