Find notable cyber news and cases, enriched with sources, timelines, and signals.

Funnel Builder 3.15.0.3 security update

Security Patch Release
First reported
Last updated
Happening score
H score 74
1 unique sources, 1 articles

Summary

Hide ▲

FunnelKit released Funnel Builder 3.15.0.3 to fix an actively exploited flaw affecting WordPress/WooCommerce checkout pages, closing a path that could inject malicious JavaScript. The bug affected all versions before 3.15.0.3 and was exploitable without authentication. Site owners should update from the WordPress dashboard and review External Scripts for any rogue entries.

Related Happenings

PushEngage hit by cyberattack

Incident
H score93 First: 15.06.2026 12:59 Last: 15.06.2026 12:59 Sources 1

About this happening: **Awesome Motive**'s **WordPress plugin** delivery paths for **OptinMonster**, **TrustPulse**, and **PushEngage** were hit in a **CDN supply-chain incident** after attackers stole...

Latest development: 15.06.2026 20:37

Awesome Motive remediated the marketing site, migrated it to a new server, and rotated all credentials, including the CDN API key, after attackers exploited a known UpdraftPlus flaw to steal CDN account credentials from a server in its environment and modify JavaScript served from the company's CDN. The company says its application servers, source code, and systems storing OptinMonster and TrustPulse account information were hosted separately and were not breached.

PushEngage, OptinMonster, and TrustPulse CDN script-tampering campaign

Campaign
H score89 First: 15.06.2026 12:59 Last: 15.06.2026 12:59 Sources 1

About this happening: A **multi-plugin supply-chain campaign** targeted **Awesome Motive** WordPress plugins **OptinMonster**, **TrustPulse**, and **PushEngage**, with malicious JavaScript delivered th...

Latest development: 15.06.2026 20:37

Awesome Motive said a server in its environment was compromised after exploitation of a known UpdraftPlus WordPress plugin flaw, allowing attackers to steal the CDN API key for a marketing website and modify JavaScript distributed through the company’s CDN. The company remediated the marketing site, moved it to a new server, and rotated all credentials, including the CDN API key, while stating that its application servers, source code, and account-data systems were not breached.

Funnel Builder security patch release (version 3.15.0.3)

Security Patch Release
H score77 First: 16.05.2026 18:20 Last: 16.05.2026 18:20 Sources 1

About this happening: **FunnelKit** released **version 3.15.0.3** to fix a **Funnel Builder** flaw that was being **actively exploited** to inject malicious JavaScript into **WooCommerce checkout pages...

Payment iframe defense against malicious overlays on checkout pages

Defensive Guidance
H score20 First: 24.09.2025 14:03 Last: 24.09.2025 14:03 Sources 1

About this happening: Attackers are actively abusing **payment iframes** on **checkout pages** with **malicious overlays**, making **strict CSP** and **real-time monitoring** essential to prevent card...

Timeline

  1. 15.05.2026 22:30 2 articles · 1mo ago

    FunnelKit releases Funnel Builder 3.15.0.3

    Mitigation Patch Update

    FunnelKit releases Funnel Builder 3.15.0.3 to fix a critical unauthenticated script-injection flaw in the WordPress plugin used for WooCommerce checkout pages. The bug affects all versions before 3.15.0.3, and site owners are advised to update from the WordPress dashboard and review Settings > Checkout > External Scripts for rogue entries.

    Show sources
  2. 15.05.2026 22:30 1 articles · 1mo ago

    Sansec reports active exploitation of Funnel Builder

    Initial Disclosure

    Sansec reports that the Funnel Builder WordPress plugin used by WooCommerce sites is being actively exploited to inject malicious JavaScript into checkout pages. The payload analytics-reports[.]com/wss/jquery-lib.js impersonates Google Tag Manager and Google Analytics, opens a WebSocket to wss://protect-wss[.]com/ws, and delivers a customized payment card skimmer that steals credit card numbers, CVVs, billing addresses, and other customer information.

    Show sources