Nelio AB Testing versions up to 8.2.7 are susceptible to a critical code injection vulnerability that could lead to full site takeover and remote code execution.

This flaw involves the Improper Control of Generation of Code ('Code Injection') within the Nelio AB Testing plugin. The vulnerability allows an attacker to inject and execute malicious code, potentially gaining unauthorized control over the WordPress environment.

A successful exploit could result in the complete compromise of the affected web server, leading to unauthorized data access, website defacement, or the installation of persistent backdoors. The CVSS score of 9.1 reflects a Critical severity level, indicating that the vulnerability poses an extreme risk to organizational data integrity and service availability.

Immediate Action: Update the Nelio AB Testing plugin to the latest available version (greater than 8.2.7) immediately to patch the injection point.

Proactive Monitoring: Review web server access logs for unusual PHP execution patterns or suspicious requests targeting plugin directories.

Compensating Controls: Implement a Web Application Firewall (WAF) with rulesets specifically designed to block common remote code execution (RCE) and code injection patterns.

Public Exploit Available: false

The critical nature of this code injection vulnerability necessitates immediate remediation. IT administrators should prioritize updating the Nelio AB Testing plugin across all WordPress instances to prevent unauthorized system access and ensure the security of the underlying hosting infrastructure.