Product
An unauthenticated remote code execution vulnerability (CVE-2026-14345) exists in the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress, affecting versions up to and including 3.12.7, allowing attackers to inject malicious PHP code into a log file via the 'postData' parameter, which is then executed when an administrator views the log.