Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Funnel Builder security patch release (version 3.15.0.3)

Security Patch Release
First reported
Last updated
Happening score
H score 48
1 unique sources, 1 articles

Summary

Hide ▲

FunnelKit released version 3.15.0.3 to fix a Funnel Builder flaw that was being actively exploited to inject malicious JavaScript into WooCommerce checkout pages. The issue affects all versions before 3.15.0.3 and creates payment-data theft risk for stores using the plugin. Administrators are being told to update and review External Scripts for anything unfamiliar.

Related Happenings

Funnel Builder 3.15.0.3 security update

Security Patch Release
First: 15.05.2026 22:30 Last: 15.05.2026 22:30 Sources 1

About this happening: **FunnelKit** released **Funnel Builder 3.15.0.3** to fix an **actively exploited** flaw affecting **WordPress/WooCommerce checkout pages**, closing a path that could inject malic...

Open Happening

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

Open Happening

Quick Page/Post Redirect plugin hidden backdoor update chain

Malware Activity
First: 30.04.2026 01:13 Last: 30.04.2026 01:13 Sources 1

About this happening: A hidden **backdoor** in the **Quick Page/Post Redirect** WordPress plugin could push **arbitrary code** to affected sites, putting more than **70,000 installs** at risk. Versions...

Open Happening

Obfuscated web skimmer payload targeting Stripe checkout forms

Malware Activity
First: 13.01.2026 19:30 Last: 13.01.2026 19:30 Sources 1

About this happening: **Silent Push** disclosed a **Magecart**-style **web skimming campaign** that has operated since **2022** and targets **e-commerce checkout pages** tied to at least **six major pa...

Open Happening

Stripe iframe skimmer campaign targeting merchants

Campaign
First: 24.09.2025 14:03 Last: 24.09.2025 14:03 Sources 1

About this happening: The **Stripe iframe skimmer campaign** used **malicious overlays** to steal card data from **dozens of merchants**, raising checkout-fraud risk across payment pages. In **August 2...

Open Happening

Timeline

  1. 16.05.2026 18:20 2 articles · 11d ago

    Funnel Builder 3.15.0.3 patch follows active WooCommerce checkout skimming

    Mitigation Patch Update

    Sansec reported active exploitation of the Funnel Builder plugin for WordPress in WooCommerce stores, where unauthenticated attackers inject malicious JavaScript into checkout pages to steal credit card numbers, CVVs, and billing addresses; FunnelKit released version 3.15.0.3 to patch the flaw, and site owners were told to review Settings > Checkout > External Scripts for unfamiliar code.

    Show sources
    Open in new tab