CVE-2026-14345
WPFunnels WooCommerce Plugin Unauthenticated Remote Code Execution.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
The WPFunnels – Funnel Builder for WooCommerce plugin has a remote code execution vulnerability that unauthenticated attackers can exploit via the 'postData' parameter. This could allow arbitrary code execution on the server if the plugin's logging is enabled and an administrator views the log file.