CVE-2026-15103
The CVE affects the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell WordPress plugin. All versions up to 3.12.8 are vulnerable to privilege escalation via an insecure update_settings() REST callback that does not validate the group_id path parameter against an allowlis...