Find notable cyber news and cases, enriched with sources, timelines, and signals.

Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw

Vulnerability
First reported
Last updated
Happening score
H score 72
1 unique sources, 1 articles

Summary

Hide ▲

Funnel Builder for WordPress is under active exploitation for arbitrary JavaScript injection into WooCommerce checkout pages, creating payment-skimming risk across more than 40,000 stores. The flaw affects all versions before 3.15.0.3, and FunnelKit has released a fix. Attackers are abusing a publicly exposed checkout endpoint and weak method restrictions to write attacker-controlled data into plugin settings. The injected code can steal credit card numbers, CVVs, and billing addresses from shoppers at checkout.

Related Happenings

ShapedPlugin LicenseLoader fake WooCommerce backdoor

Malware Activity
H score21 First: 18.06.2026 15:55 Last: 18.06.2026 15:55 Sources 1

About this happening: The **LicenseLoader.php** malware embedded in infected ShapedPlugin releases now enables **credential theft**, **2FA secret theft**, and **remote file-writing** on compromised Wor...

PushEngage hit by cyberattack

Incident
H score93 First: 15.06.2026 12:59 Last: 15.06.2026 12:59 Sources 1

About this happening: **Awesome Motive**'s **WordPress plugin** delivery paths for **OptinMonster**, **TrustPulse**, and **PushEngage** were hit in a **CDN supply-chain incident** after attackers stole...

Latest development: 15.06.2026 20:37

Awesome Motive remediated the marketing site, migrated it to a new server, and rotated all credentials, including the CDN API key, after attackers exploited a known UpdraftPlus flaw to steal CDN account credentials from a server in its environment and modify JavaScript served from the company's CDN. The company says its application servers, source code, and systems storing OptinMonster and TrustPulse account information were hosted separately and were not breached.

Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw

Vulnerability
H score69 First: 15.05.2026 22:30 Last: 15.05.2026 22:30 Sources 1

About this happening: **Funnel Builder** for WordPress has an **actively exploited** unauthenticated script-injection flaw that can compromise **WooCommerce checkout pages** and steal payment data. The...

Burst Statistics authentication bypass (CVE-2026-8181)

Vulnerability
H score78 First: 15.05.2026 00:07 Last: 15.05.2026 00:07 Sources 1

About this happening: **Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...

Magento checkout skimmer campaign targeting nearly 100 stores

Campaign
H score31 First: 09.04.2026 01:34 Last: 09.04.2026 01:34 Sources 1

About this happening: A **Magento** checkout skimmer campaign is compromising **nearly 100 online stores** and stealing payment data at the point of sale, putting shoppers’ card details at immediate ri...

Timeline

  1. 16.05.2026 18:20 2 articles · 1mo ago

    Funnel Builder checkout skimming disclosure

    Initial Disclosure

    A critical Funnel Builder vulnerability in WordPress is under active exploitation against WooCommerce checkout pages, where attackers inject malicious JavaScript through a publicly exposed checkout endpoint or the plugin's "External Scripts" setting to steal payment data at checkout. The payload can masquerade as Google Tag Manager or Google Analytics code, load a remote JavaScript skimmer, and open a WebSocket connection to wss://protect-wss[.]com/ws to retrieve a storefront-specific skimmer. The issue affects all versions before 3.15.0.3, Funnel Builder is used in more than 40,000 WooCommerce stores, and FunnelKit has released version 3.15.0.3 as a patch.

    Show sources