Browse all 10 CVE security advisories affecting Nelio Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nelio Software develops WordPress optimization and analytics plugins, helping website owners improve performance and user engagement. Historically, their products have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues. The company has accumulated 10 CVEs to date, with several critical RCE weaknesses allowing attackers to execute arbitrary code on affected servers. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their core functionality suggests potential risks for organizations using their plugins without proper hardening or timely updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40742 | WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability — Nelio AB Testing (CWE-862) | 5.3 | Medium | 2026-04-15 |
| CVE-2026-32573 | WordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerability — Nelio AB Testing (CWE-94) | 9.1 | Critical | 2026-03-25 |
| CVE-2026-25378 | WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability — Nelio AB Testing (CWE-89) | 7.6 | High | 2026-02-19 |
| CVE-2025-67944 | WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability — Nelio AB Testing (CWE-94) | 9.1 | Critical | 2026-01-22 |

This page lists every published CVE security advisory associated with Nelio Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.