Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

2026-05-16

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

A critical vulnerability in the Funnel Builder WordPress plugin allows unauthenticated attackers to inject malicious JavaScript into WooCommerce checkout pages and steal payment data.

•Affects 40,000+ WooCommerce stores; actively exploited to inject fake Google Tag Manager scripts
•Vulnerability in unprotected checkout endpoint lacks permission checks, allowing arbitrary code injection
•Malicious code connects via WebSocket to C2 server to retrieve payment skimmers; steals credit card data; patched in 3.15.0.3

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cloud CISO Perspectives: How to build an AI-ready security program for the public sector

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks