Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects Funnel…

A code injection vulnerability (CVE-2026-39440) has been identified in Funnelforms LLC FunnelFormsPro plugin that allows remote code inclusion. The vulnerability affects all versions of FunnelFormsPro from an unspecified starting version through version 3.8.1. This is classified as an 'Improper Control of Generation of Code' weakness that enables attackers to execute arbitrary code remotely. The vulnerability represents a critical security flaw in the WordPress plugin that could allow complete system compromise. Organizations using affected versions should prioritize patching or mitigation measures immediately.