Cyber Posture

CVE-2025-67944

CriticalRCE

Published: 22 January 2026

Published
22 January 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0006 20.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67944 is a critical-severity Code Injection (CWE-94) vulnerability. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked at the 20.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1505.003) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the specific code injection flaw in Nelio AB Testing plugin versions through 8.1.8 by identifying, reporting, and applying patches.

SI-10 Information Input Validation good match
prevent

Implements input validation and error handling at plugin entry points to block malicious code injection payloads.

AC-6 Least Privilege partial match
prevent

Enforces least privilege to minimize the number of high-privilege administrator accounts that could exploit the PR:H requirement.

MITRE ATT&CK Enterprise TechniquesAI

T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

Code injection (CWE-94) in WordPress plugin directly enables arbitrary PHP/server-side code execution by a privileged admin, mapping to web shell implantation and Unix shell command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.1.8.

Deeper analysisAI

CVE-2025-67944 is an Improper Control of Generation of Code ('Code Injection') vulnerability, classified under CWE-94, in the Nelio AB Testing WordPress plugin (nelio-ab-testing) developed by Nelio Software. This issue affects all versions of the plugin from n/a through 8.1.8 inclusive. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

The attack scenario requires an authenticated attacker with high privileges, such as an administrator, to exploit the vulnerability remotely with low complexity and no user interaction. Successful exploitation enables arbitrary code injection and execution, granting the attacker high-impact control over confidentiality, integrity, and availability, with a scope change that can affect broader system components.

The primary advisory from Patchstack (https://patchstack.com/database/Wordpress/Plugin/nelio-ab-testing/vulnerability/wordpress-nelio-ab-testing-plugin-8-1-8-arbitrary-code-execution-vulnerability?_s_id=cve) documents this as an arbitrary code execution vulnerability specifically in Nelio AB Testing version 8.1.8. Security practitioners should consult the advisory for detailed mitigation recommendations, including any available patches or workarounds.

Details

CWE(s)
CWE-94

CVEs Like This One

CVE-2026-28134Shared CWE-94
CVE-2024-56278Shared CWE-94
CVE-2025-57283Shared CWE-94
CVE-2026-25001Shared CWE-94
CVE-2024-39148Shared CWE-94
CVE-2026-3120Shared CWE-94
CVE-2025-22905Shared CWE-94
CVE-2026-29955Shared CWE-94
CVE-2026-35197Shared CWE-94
CVE-2025-66224Shared CWE-94

References