Server-Side Request Forgery Vulnerability in Nelio Content by Nelio Software
CVE-2026-39521

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Nelio Content
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39521?

A Server-Side Request Forgery (SSRF) vulnerability exists in the Nelio Content plugin by Nelio Software. This issue allows an attacker to send unauthorized requests from the server, potentially leading to exposure of sensitive data or exploitation of other vulnerabilities. The affected versions of Nelio Content include all versions prior to and including 4.3.1. It is crucial for users to update their installations to prevent unauthorized access and secure their web applications.

Affected Version(s)

Nelio Content 0 <= 4.3.1

References

https://patchstack.com/database/Wordpress/Plugin/nelio-co...

vdb-entry

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Steven Julian | Patchstack Bug Bounty Program

CVE-2026-39521 Data

JSON