Nelio Content allows hackers to make unauthorized server requests

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Nelio Content allows hackers to make unauthorized server requests

CVE-2026-39521

Summary

A security flaw in Nelio Content allows an attacker to trick the software into making unintended server requests, potentially leading to sensitive data exposure or unauthorized access. This affects Nelio Content versions up to 4.3.1. Upgrade to a patched version to prevent exploitation.

Original title

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.

Original description

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://patchstack.com/database/Wordpress/Plugin/nelio-content/vulnerability/wor...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026