CVE-2017-18547 – Nelio AB Testing < 4.6.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-18547
11 May 2017 — The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2016-10927 – Nelio AB Testing < 4.5.11 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2016-10927
29 Dec 2016 — The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2016-10926 – Nelio AB Testing < 4.5.9 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2016-10926
08 Dec 2016 — The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. The Nelio AB Testing plugin for WordPress is vulnerable to Server Side Request Forgery in versions up to, and including, 4.5.8 via the 'ajax/iesupport.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted information from the vulnerable service and potentially execute malicious ... • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2016-10977 – Nelio AB Testing < 4.5.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-10977
10 May 2016 — The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. The Nelio AB Testing plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.4.4 via the 'filename' parameter. This allows authenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')