WordPress Plugin Vulnerabilities

Nelio AB Testing < 4.5.0 - Path Traversal

Description

The Nelio AB Testing WordPress plugin was affected by a Path Traversal security vulnerability.

Affects Plugins

Plugin icon
nelio-ab-testing
Fixed in 4.5.0

References

CVE
CVE-2016-10977
URL
https://www.openwall.com/lists/oss-security/2016/05/10/1

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
6.5 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
3c5a123f-a369-49f0-be36-092c5499c9e5

Timeline

Publicly Published
2016-05-11 (about 10 years ago)
Added
2016-05-11 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-07-31
Title
MapSVG < 8.6.12 - Authenticated (Contributor+) Arbitrary File Download
Published
2024-09-30
Title
LiteSpeed Cache < 6.5.1 - Author+ Path Traversal
Published
2026-01-27
Title
Snow Monkey Forms < 12.0.4 - Unauthenticated Arbitrary File Deletion
Published
2025-09-29
Title
All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter
Published
2015-02-11
Title
WordPress Slider Revolution - Local File Disclosure