Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-12979

UNKNOWN NVD
CVSS Score 0
Severity UNKNOWN
Published Jul 16, 2026
Vendor unknown

Description

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable other FunnelKit WordPress plugin before 3.15.0.6 or (denial of service).

References