A vulnerability described as critical has been identified in Funnelforms FunnelFormsPro Plugin up to 3.8.1 on WordPress. Affected by this issue is the function Inclusion.This . Executing a manipulation can lead to code injection. This vulnerability is registered as CVE-2026-39440 . It is possible to launch the attack remotely. No exploit is available.