A vulnerability described as critical has been identified in Funnelforms FunnelFormsPro Plugin up to 3.8.1 on WordPress. Affected by this issue is the function
Inclusion.This. Executing a manipulation can lead to code injection.
This vulnerability is registered as CVE-2026-39440. It is possible to launch the attack remotely. No exploit is available.
