Published: Mar 27, 2026 10:40
Advisory No: TZCERT-SA-26-0139
Source: CVE Database
Software Affected: Nelio AB Testing plugin versions up to and including 8.2.7
CVE-2026-32573 has been assigned to a vulnerability published in March 2026. Full technical details, including the affected software, vendor, and CVSS score, are pending complete publication in the National Vulnerability Database (NVD) and associated vendor advisories.
The Nelio AB Testing plugin from Nelio Software contains an Improper Control of Generation of Code ('Code Injection') vulnerability. It affects Nelio AB Testing versions through 8.2.7.
An attacker could exploit this code injection vulnerability to execute arbitrary code within the context of the Nelio AB Testing plugin. This could potentially allow an attacker to compromise the WordPress installation, modify content, steal sensitive data, or gain unauthorized access to the website and its underlying systems.
Organizations using Nelio AB Testing should immediately check for available updates beyond version 8.2.7 and apply patches as soon as they become available. Additionally, consider limiting access to the Nelio AB Testing plugin functionality, implementing Web Application Firewall (WAF) rules to detect and block code injection attempts, and monitoring for suspicious activity that may indicate exploitation attempts. Consider disabling the plugin if no patch is available and a timely update cannot be deployed.
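To support the version check recommended above, the following Python script is an added example (not part of the advisory and not Nelio Software's code) that reads the plugin header under a WordPress root and reports whether the installed copy is at or below 8.2.7. The plugin directory name `nelio-ab-testing`, the helper `make_site` and the sample version 8.3.0 are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (8, 2, 7)        # from the advisory: versions up to and including 8.2.7
PLUGIN_DIR = "nelio-ab-testing"  # assumption: directory name is not stated in the advisory
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_version(text):
    """Turn '8.2.7' or '8.2.7-beta1' into a comparable tuple, padded to three parts."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))

def installed_version(plugin_path):
    """Read the header from the first 8 KiB of each top-level PHP file, as WordPress does."""
    for php in sorted(Path(plugin_path).glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", errors="replace")
        fields = {k.lower(): v for k, v in HEADER.findall(head)}
        if "plugin name" in fields and "version" in fields:
            return fields["version"].strip()
    return None

def audit(wp_root):
    """Return (status, version) for one WordPress root directory."""
    plugin = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_DIR
    if not plugin.is_dir():
        return ("not-installed", None)
    version = installed_version(plugin)
    if version is None:
        return ("unknown", None)  # plugin present but header unreadable: review by hand
    status = "affected" if parse_version(version) <= LAST_AFFECTED else "newer"
    return (status, version)

def make_site(root, version):
    """Constructed sample: a minimal plugin file that carries only a header."""
    d = Path(root) / "wp-content" / "plugins" / PLUGIN_DIR
    d.mkdir(parents=True)
    (d / "plugin.php").write_text(
        f"<?php\n/**\n * Plugin Name: Nelio AB Testing\n * Version: {version}\n */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in [("site-a", "8.2.7"), ("site-b", "8.3.0")]:  # constructed versions
            make_site(Path(tmp) / name, ver)
            print(name, audit(Path(tmp) / name))
```

A status of `newer` only means the installed version is above 8.2.7; confirm against the vendor's release notes that the installed release contains the fix.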