WordPress Plugin Vulnerabilities

Nelio AB Testing <= 4.5.8 - Server Side Request Forgery (SSRF)

Description

The Nelio AB Testing WordPress plugin was affected by a Server Side Request Forgery (SSRF) security vulnerability.

Affects Plugins

Plugin icon
nelio-ab-testing
Fixed in 4.5.9

References

CVE
CVE-2016-10926
URL
https://quanyang.github.io/part-1-continuous-pwning/
URL
https://plugins.trac.wordpress.org/changeset/1543916/nelio-ab-testing

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
10.0 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
6bab2e3c-1a76-4ea5-bcc3-4f5fc942701a

Timeline

Publicly Published
2016-12-08 (about 9 years ago)
Added
2016-12-21 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-22
Title
Culqi < 3.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2019-09-28
Title
Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)
Published
2021-06-29
Title
RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF
Published
2024-05-08
Title
Starter Templates — Elementor, WordPress & Beaver Builder Templates < 4.1.7 - Contributor+ Server-Side Request Forgery
Published
2025-09-09
Title
WP eBay Product Feeds < 3.4.9 - Authenticated (Contributor+) Server Side Request Forgery