Funnel Builder WordPress plugin bug exploited to steal credit cards

bleepingcomputer.com·May 15, 2026

A serious vulnerability in the Funnel Builder plugin for WordPress is being exploited to inject harmful JavaScript into WooCommerce checkout pages.

For a cybersecurity professional, the key takeaway is to immediately assess and patch any instances of the Funnel Builder plugin within your organization's WordPress environments to prevent malicious JavaScript injections. This incident highlights the importance of continuously monitoring for vulnerabilities in third-party plugins and ensuring a rapid incident response to mitigate potential breaches in e-commerce platforms like WooCommerce.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Funnel Builder WordPress plugin bug exploited to steal credit cards

Want more content like this?

More from Cybersecurity News

Microsoft shares mitigation for YellowKey Windows zero-day

Risky Business #838 -- GitHub investigates possible breach

Risky Bulletin: Microsoft takes down crime SaaS used by ransomware gangs

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector

Max-severity flaw in ChromaDB for AI apps allows server hijacking