Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Funnel Builder for WordPress is under active exploitation for arbitrary JavaScript injection into WooCommerce checkout pages, creating payment-skimming risk across more than 40,000 stores. The flaw affects all versions before 3.15.0.3, and FunnelKit has released a fix. Attackers are abusing a publicly exposed checkout endpoint and weak method restrictions to write attacker-controlled data into plugin settings. The injected code can steal credit card numbers, CVVs, and billing addresses from shoppers at checkout.
Related Happenings
ShapedPlugin LicenseLoader fake WooCommerce backdoor
Malware Activity
H score21
First: 18.06.2026 15:55
Last: 18.06.2026 15:55
Sources 1
About this happening:
The **LicenseLoader.php** malware embedded in infected ShapedPlugin releases now enables **credential theft**, **2FA secret theft**, and **remote file-writing** on compromised Wor...
ShapedPlugin LicenseLoader fake WooCommerce backdoor
Malware ActivityAbout this happening: The **LicenseLoader.php** malware embedded in infected ShapedPlugin releases now enables **credential theft**, **2FA secret theft**, and **remote file-writing** on compromised Wor...
PushEngage hit by cyberattack
Incident
H score93
First: 15.06.2026 12:59
Last: 15.06.2026 12:59
Sources 1
About this happening:
**Awesome Motive**'s **WordPress plugin** delivery paths for **OptinMonster**, **TrustPulse**, and **PushEngage** were hit in a **CDN supply-chain incident** after attackers stole...
PushEngage hit by cyberattack
IncidentAbout this happening: **Awesome Motive**'s **WordPress plugin** delivery paths for **OptinMonster**, **TrustPulse**, and **PushEngage** were hit in a **CDN supply-chain incident** after attackers stole...
Latest development: 15.06.2026 20:37
Awesome Motive remediated the marketing site, migrated it to a new server, and rotated all credentials, including the CDN API key, after attackers exploited a known UpdraftPlus flaw to steal CDN account credentials from a server in its environment and modify JavaScript served from the company's CDN. The company says its application servers, source code, and systems storing OptinMonster and TrustPulse account information were hosted separately and were not breached.
Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw
Vulnerability
H score69
First: 15.05.2026 22:30
Last: 15.05.2026 22:30
Sources 1
About this happening:
**Funnel Builder** for WordPress has an **actively exploited** unauthenticated script-injection flaw that can compromise **WooCommerce checkout pages** and steal payment data. The...
Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw
VulnerabilityAbout this happening: **Funnel Builder** for WordPress has an **actively exploited** unauthenticated script-injection flaw that can compromise **WooCommerce checkout pages** and steal payment data. The...
Burst Statistics authentication bypass (CVE-2026-8181)
Vulnerability
H score78
First: 15.05.2026 00:07
Last: 15.05.2026 00:07
Sources 1
About this happening:
**Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...
Burst Statistics authentication bypass (CVE-2026-8181)
VulnerabilityAbout this happening: **Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...
Magento checkout skimmer campaign targeting nearly 100 stores
Campaign
H score31
First: 09.04.2026 01:34
Last: 09.04.2026 01:34
Sources 1
About this happening:
A **Magento** checkout skimmer campaign is compromising **nearly 100 online stores** and stealing payment data at the point of sale, putting shoppers’ card details at immediate ri...
Magento checkout skimmer campaign targeting nearly 100 stores
CampaignAbout this happening: A **Magento** checkout skimmer campaign is compromising **nearly 100 online stores** and stealing payment data at the point of sale, putting shoppers’ card details at immediate ri...
Timeline
-
16.05.2026 18:20 2 articles · 1mo ago
Funnel Builder checkout skimming disclosure
Initial DisclosureA critical Funnel Builder vulnerability in WordPress is under active exploitation against WooCommerce checkout pages, where attackers inject malicious JavaScript through a publicly exposed checkout endpoint or the plugin's "External Scripts" setting to steal payment data at checkout. The payload can masquerade as Google Tag Manager or Google Analytics code, load a remote JavaScript skimmer, and open a WebSocket connection to wss://protect-wss[.]com/ws to retrieve a storefront-specific skimmer. The issue affects all versions before 3.15.0.3, Funnel Builder is used in more than 40,000 WooCommerce stores, and FunnelKit has released version 3.15.0.3 as a patch.
Show sources
- Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming — thehackernews.com — 16.05.2026 18:20
- Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming — thehackernews.com — 16.05.2026 18:20