vulnerability
WordPress Plugin: nelio-ab-testing: CVE-2026-40742: Exposure of Sensitive Information to an Unauthorized Actor
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Mar 17, 2026 | May 19, 2026 | May 19, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Mar 17, 2026
Added
May 19, 2026
Modified
May 19, 2026
Description
The Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.2.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.
Solution
nelio-ab-testing-plugin-cve-2026-40742
References
- https://www.cve.org/CVERecord?id=CVE-2026-40742
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e53ca576-9705-4362-b2b7-338477002ab9?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22895
- CVE-2026-40742
- https://attackerkb.com/topics/CVE-2026-40742
- CWE-862
- EUVD-EUVD-2026-22895
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.