平台
wordpress
组件
nelio-ab-testing
修复版本
8.1.9
CVE-2025-67944 describes a critical code injection vulnerability discovered in Nelio AB Testing, a WordPress plugin. This flaw allows attackers to inject and execute arbitrary code on vulnerable systems, potentially leading to complete control. The vulnerability affects versions from 0.0.0 up to and including 8.1.8. A patch is available in version 8.2.0.
The code injection vulnerability in Nelio AB Testing poses a significant threat. An attacker could leverage this flaw to execute malicious code directly on the WordPress server, gaining unauthorized access and control. This could involve stealing sensitive data, modifying website content, installing malware, or even pivoting to other systems on the network. The impact is particularly severe because WordPress sites often host critical business data and are accessible to a wide range of users. Successful exploitation could result in data breaches, reputational damage, and financial losses.
CVE-2025-67944 was publicly disclosed on 2026-01-22. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability is listed on the NVD. The EPSS score is pending evaluation, but the CRITICAL CVSS score suggests a high probability of exploitation if the vulnerability remains unpatched.
WordPress websites utilizing the Nelio AB Testing plugin, particularly those running older versions (0.0.0–8.1.8), are at significant risk. Shared hosting environments where plugin updates are managed by the hosting provider are also vulnerable if they haven't applied the update. Sites with limited security monitoring or input validation practices are especially susceptible.
• wordpress / composer / npm:
grep -r 'nelio-ab-testing' /var/www/html/wp-content/plugins/
wp plugin list | grep nelio-ab-testing• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/nelio-ab-testing/disclosure
漏洞利用状态
EPSS
0.06% (18% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2025-67944 is to immediately upgrade Nelio AB Testing to version 8.2.0 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily disabling the Nelio AB Testing plugin. While not a complete solution, implementing strict input validation and sanitization on any user-supplied data processed by the plugin can help reduce the attack surface. Monitor WordPress access logs for suspicious activity, particularly attempts to inject code or execute unusual commands.
Update to version 8.2.0, or a newer patched version
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-67944 is a critical code injection vulnerability affecting Nelio AB Testing WordPress plugin versions 0.0.0–8.1.8, allowing attackers to execute arbitrary code.
Yes, if you are using Nelio AB Testing version 0.0.0 through 8.1.8, you are vulnerable to this code injection flaw.
Upgrade Nelio AB Testing to version 8.2.0 or later to patch the vulnerability. If immediate upgrade is not possible, temporarily disable the plugin.
As of the disclosure date, there are no confirmed reports of active exploitation, but the CRITICAL severity warrants immediate action.
Refer to the Nelio Software website and WordPress plugin repository for the official advisory and update information.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。