Find notable cyber news and cases, enriched with sources, timelines, and signals.

Funnel Builder security patch release (version 3.15.0.3)

Security Patch Release
First reported
Last updated
Happening score
H score 77
1 unique sources, 1 articles

Summary

Hide ▲

FunnelKit released version 3.15.0.3 to fix a Funnel Builder flaw that was being actively exploited to inject malicious JavaScript into WooCommerce checkout pages. The issue affects all versions before 3.15.0.3 and creates payment-data theft risk for stores using the plugin. Administrators are being told to update and review External Scripts for anything unfamiliar.

Related Happenings

ShapedPlugin hit by network compromise

Incident
H score19 First: 18.06.2026 15:55 Last: 18.06.2026 15:55 Sources 1

About this happening: **ShapedPlugin** suffered a **supply-chain compromise** that pushed infected **WordPress plugin** releases to paying customers through the vendor's **official update system**, put...

ShapedPlugin LicenseLoader fake WooCommerce backdoor

Malware Activity
H score21 First: 18.06.2026 15:55 Last: 18.06.2026 15:55 Sources 1

About this happening: The **LicenseLoader.php** malware embedded in infected ShapedPlugin releases now enables **credential theft**, **2FA secret theft**, and **remote file-writing** on compromised Wor...

PushEngage hit by cyberattack

Incident
H score93 First: 15.06.2026 12:59 Last: 15.06.2026 12:59 Sources 1

About this happening: **Awesome Motive**'s **WordPress plugin** delivery paths for **OptinMonster**, **TrustPulse**, and **PushEngage** were hit in a **CDN supply-chain incident** after attackers stole...

Latest development: 15.06.2026 20:37

Awesome Motive remediated the marketing site, migrated it to a new server, and rotated all credentials, including the CDN API key, after attackers exploited a known UpdraftPlus flaw to steal CDN account credentials from a server in its environment and modify JavaScript served from the company's CDN. The company says its application servers, source code, and systems storing OptinMonster and TrustPulse account information were hosted separately and were not breached.

PushEngage, OptinMonster, and TrustPulse CDN script-tampering campaign

Campaign
H score89 First: 15.06.2026 12:59 Last: 15.06.2026 12:59 Sources 1

About this happening: A **multi-plugin supply-chain campaign** targeted **Awesome Motive** WordPress plugins **OptinMonster**, **TrustPulse**, and **PushEngage**, with malicious JavaScript delivered th...

Latest development: 15.06.2026 20:37

Awesome Motive said a server in its environment was compromised after exploitation of a known UpdraftPlus WordPress plugin flaw, allowing attackers to steal the CDN API key for a marketing website and modify JavaScript distributed through the company’s CDN. The company remediated the marketing site, moved it to a new server, and rotated all credentials, including the CDN API key, while stating that its application servers, source code, and account-data systems were not breached.

Funnel Builder 3.15.0.3 security update

Security Patch Release
H score74 First: 15.05.2026 22:30 Last: 15.05.2026 22:30 Sources 1

About this happening: **FunnelKit** released **Funnel Builder 3.15.0.3** to fix an **actively exploited** flaw affecting **WordPress/WooCommerce checkout pages**, closing a path that could inject malic...

Timeline

  1. 16.05.2026 18:20 2 articles · 1mo ago

    Funnel Builder 3.15.0.3 patch follows active WooCommerce checkout skimming

    Mitigation Patch Update

    Sansec reported active exploitation of the Funnel Builder plugin for WordPress in WooCommerce stores, where unauthenticated attackers inject malicious JavaScript into checkout pages to steal credit card numbers, CVVs, and billing addresses; FunnelKit released version 3.15.0.3 to patch the flaw, and site owners were told to review Settings > Checkout > External Scripts for unfamiliar code.

    Show sources