CVE-2026-14345
Last modified
CVE-2026-14345 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values into a PHP-includeable .log file combined with the use of include_once to render that file in wpfnl_show_log. EPSS estimates a 0.74% chance of exploitation in the next 30 days.
Description
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values into a PHP-includeable .log file combined with the use of include_once to render that file in wpfnl_show_log. This makes it possible for unauthenticated attackers to execute code on the server. Exploitation requires that the Log Settings "Enable Logs" toggle is on and that an administrator subsequently opens the polluted log file via the plugin's Log Settings View UI; however, the nonce required to reach the optin endpoint is publicly emitted on every funnel step page, so the injection step itself is fully unauthenticated.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | <= 3.12.7 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-14345?
How severe is CVE-2026-14345?
How do I fix CVE-2026-14345?
Related CVEs from 2026
- CVE-2026-14330Multiple unbounded alloca() calls in the PulseAudio protocol…5.5
- CVE-2026-14336PIA's OIDC issuer allowlist for Jenkins tokens uses a bare s…8.2
- CVE-2026-1434Omega-PSIR is vulnerable to Reflected XSS via the lang param…6.1
- CVE-2026-14340An incorrect authorization vulnerability was identified in G…5
- CVE-2026-14342The Mail Mint – Email Marketing, Newsletter, Email Automatio…4.9
- CVE-2026-14343The Download Manager plugin for WordPress is vulnerable to S…6.4
- CVE-2026-1435Not properly invalidated session vulnerability in Graylog We…9.8
- CVE-2026-14352The AR for WooCommerce plugin for WordPress is vulnerable to…7.5
- CVE-2026-14355In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.…5.3
- CVE-2026-14358Improper neutralization of input during web page generation …6.1
- CVE-2026-1436Improper Access Control (IDOR) in the Graylog API, version 2…6.5
- CVE-2026-14361The consul-template library before version 0.42.1 is vulnera…4.7
Are you affected by CVE-2026-14345?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
