Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

thehackernews.com·May 16, 2026

A serious security vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, aiming to steal payment data, as reported by Sansec. The vulnerability has yet to receive an official CVE identifier.

The active exploitation of a critical vulnerability in the Funnel Builder plugin for WordPress, which injects malicious JavaScript into WooCommerce checkout pages to steal payment data, highlights the urgent need for continuous monitoring and patch management in your web applications. Prioritize identifying and mitigating such vulnerabilities in your web infrastructure, even those without a CVE identifier, to protect against data breaches.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

Want more content like this?

More from Cybersecurity News

Microsoft shares mitigation for YellowKey Windows zero-day

Risky Business #838 -- GitHub investigates possible breach

Risky Bulletin: Microsoft takes down crime SaaS used by ransomware gangs

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector

Max-severity flaw in ChromaDB for AI apps allows server hijacking