Home / Vulnerability Intelligence / CVE-2026-32573

CVE-2026-32573 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 25, 2026

Nelio Software Nelio AB Testing - Command Injection

Published: March 25, 2026Updated: March 25, 2026Remote Exploitable

Overview

Nelio Software Nelio AB Testing <= 8.2.7 contains a code injection vulnerability caused by improper control of code generation, letting attackers execute arbitrary code remotely, exploit requires crafted input.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 4.4%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code remotely, potentially leading to full system compromise.

Mitigation

Update to the latest version beyond 8.2.7.

References

https://patchstack.com/database/Wordpress/Plugin/nelio-ab-testing/vulnerability/wordpress-nelio-ab-testing-plugin-8-2-7-remote-code-execution-rce-vulnerability?_s_id=cve

Social Media Activity(1 post)

Offensive Sequence

@offseq

Mar 26, 2026

🚨 CRITICAL: CVE-2026-32573 in Nelio AB Testing plugin (≤8.2.7) enables code injection on WordPress sites. No active exploits, but risk of remote code execution. Monitor for patches & harden configs. https://radar.offseq.com/threat/cve-2026-32573-improper-control-of-generation-of-c-2c0edccd #OffSeq #WordPress #Vuln

View original post

Related Resources

Details

CVE ID: CVE-2026-32573
Severity: Critical
CVSS Score: 9.1
Type: command_injection
Status: new
EPSS: 4.4%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

4.4%Probability of exploitation in the next 30 days