SQL Injection Vulnerability in Nelio Software's AB Testing Plugin
CVE-2026-25378

7.6HIGH

Key Information:

Vendor: WordPress
Status: Nelio Ab Testing
Vendor: CVE Published:; 19 February 2026

What is CVE-2026-25378?

An SQL injection vulnerability exists in Nelio Software's Nelio AB Testing plugin, which could allow attackers to execute arbitrary SQL commands through the application. This flaw affects versions up to and including 8.2.4, and could enable malicious users to access sensitive data within the database through crafted input strings. It's crucial for users of the affected versions to apply necessary updates or security patches to mitigate the risk of exploitation.

Affected Version(s)

Nelio AB Testing 0 <= 8.2.4

References

https://patchstack.com/database/Wordpress/Plugin/nelio-ab...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Feb 2, 2026

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program

CVE-2026-25378 Data

JSON

WordPress

What is CVE-2026-25378?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit