Nelio Software Nelio AB Testing CVE-2025-67944
CRITICALSeverity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.1.8.
AnalysisAI
Nelio AB Testing WordPress plugin has a code injection vulnerability allowing attackers to execute arbitrary code through the A/B testing functionality.
Technical ContextAI
The Nelio AB Testing plugin has a CWE-94 code injection vulnerability that allows attackers to inject and execute arbitrary code through the plugin's testing variation functionality.
Affected ProductsAI
Nelio AB Testing WordPress plugin
RemediationAI
Update the plugin. Review A/B test configurations for injected code.
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today