Threats Tagged 'cve-2026-14345'
View all threats tagged with 'cve-2026-14345'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-14345'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-14345: CWE-434 Unrestricted Upload of File with Dangerous Type in getwpfunnels WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click UpsellCVE-2026-14345 0 WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress contains a critical remote code execution vulnerability (CVE-2026-14345) in all versions up to 3.12.7. The vulnerability arises from unsanitized attacker-controlled input written into a PHP-includeable log file, which can be included and executed by the plugin when an administrator views the log. Exploitation requires the plugin's logging feature to be enabled and an administrator to open the malicious log file, but the injection step itself is unauthenticated due to a publicly exposed nonce. This vulnerability has a CVSS score of 9.8, indicating critical severity. Join the discussion | CVE Database V5 | 07/07/2026, 05:34:19 UTC Added: 07/07/2026, 06:22:09 UTC |
Showing 1 to 1 of 1 result