4 matches found
CVE-2017-18547
The CVE concerns the WordPress Nelio Ab Testing plugin prior to version 4.6.4, where a CSRF flaw exists in the experiment forms. Multiple connected sources (Red Hat CVE entry, CNVD/CVE listings, CVE records, and WP vulnerability databases) corroborate that the vulnerability is a CSRF issue in the...
CVE-2016-10977
The CVE-2016-10977 entry concerns the Nelio AB Testing WordPress plugin. Affected software: Nelio AB Testing plugin for WordPress. Vulnerable component/issue: filename=..%2f directory traversal in versions before 4.5.0. Root cause: directory traversal flaw allows referencing files outside the int...
CVE-2016-10927
CVE-2016-10927 affects the WordPress plugin nelio-ab-testing (pre-4.5.11). The vulnerability is an SSRF in ajax/iesupport.php, with CVSSv3 base score 10.0 (CRITICAL) and CVSSv2 base score 6.4 (MEDIUM). Impact indicators shown: high confidentiality and integrity impact, no availability impact; exp...
CVE-2016-10926
The CVE concerns the Nelio AB Testing WordPress plugin prior to version 4.5.9, which contains a Server-Side Request Forgery (SSRF) vulnerability in ajax/iesupport.php. Publicly documented impact indicates high risk to confidentiality and integrity (CVSS3 base score 10.0; vector: NETWORK, no privi...