VulnHub

Real-time Cybersecurity News

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

The Hacker News
Actively Exploited
CVEVulnerabilityCritical

Overview

A serious vulnerability in the Funnel Builder plugin for WordPress is currently being exploited by attackers to inject harmful JavaScript into WooCommerce checkout pages. This manipulation aims to capture sensitive payment information from users during transactions. The situation was reported by Sansec, revealing that this flaw does not yet have an official Common Vulnerabilities and Exposures (CVE) identifier. Website owners using this plugin should be particularly vigilant, as the lack of a CVE means there may not be a widely known fix available at this time. This incident poses a significant risk, especially for e-commerce sites that rely on WooCommerce for processing payments.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Funnel Builder plugin for WordPress, WooCommerce checkout pages
  • Action Required: Website owners should immediately review their use of the Funnel Builder plugin and consider disabling it until a patch or workaround is made available.
  • Timeline: Newly disclosed

Original Article Summary

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. It

Impact

Funnel Builder plugin for WordPress, WooCommerce checkout pages

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Website owners should immediately review their use of the Funnel Builder plugin and consider disabling it until a patch or workaround is made available. Regularly monitor for updates from the plugin's developers and apply any fixes as soon as they are released. Additionally, users should implement security measures such as web application firewalls to help mitigate potential attacks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Vulnerability, Critical.

Read Original Article

Related Coverage

Can Laws Stop Deepfakes? South Korea Aims to Find Out

darkreading

South Korea is preparing for its local elections next month, which will serve as a testing ground for new regulations aimed at combating deepfakes. These manipulated videos can spread misinformation and potentially influence public opinion during elections. As deepfakes become more sophisticated and accessible, the South Korean government is keen to see if their legal measures can effectively reduce the impact of these deceptive media. The outcome of this initiative could set a precedent for how other countries approach the regulation of deepfakes and misinformation in electoral processes. This is particularly relevant as deepfake technology poses a growing challenge to democratic processes worldwide.

May 18, 2026

New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

BleepingComputer

A cybersecurity researcher has disclosed a serious vulnerability in Windows, known as 'MiniPlasma', which allows attackers to escalate their privileges to SYSTEM level on fully patched systems. This zero-day exploit poses a significant risk because it can enable unauthorized access to sensitive data and system controls. Users of Windows systems, particularly those in corporate environments, should be on high alert as this exploit can potentially be used in cyberattacks. The researcher has also released a proof-of-concept (PoC) for the exploit, which can facilitate its misuse by malicious actors. This situation underscores the need for immediate attention to system security measures and vigilance against potential exploitation.

May 17, 2026

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

Attackers are exploiting a vulnerability in Funnel Builder, a tool used by online stores, to inject e-skimmers. These malicious scripts can steal payment information from unsuspecting customers during transactions. This incident affects e-commerce platforms that utilize Funnel Builder, potentially putting sensitive customer data at risk. As the holiday shopping season approaches, the urgency to address this vulnerability increases, as attackers may ramp up their efforts to exploit it. Companies using this tool should prioritize patching the identified bug to protect their customers and maintain trust.

May 17, 2026

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

The Hacker News

A serious vulnerability in NGINX, tracked as CVE-2026-42945, is currently being exploited in the wild, just days after it was disclosed. This flaw is a heap buffer overflow in the ngx_http_rewrite_module, which affects NGINX Plus and NGINX Open versions from 0.6.27 to 1.30.0. The CVSS score of 9.2 indicates a high severity, as it could lead to worker crashes and potentially allow remote code execution (RCE). Organizations using affected versions should prioritize patching their systems to prevent exploitation. Given the active nature of this threat, immediate action is crucial for maintaining security.

May 17, 2026

Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases

Hackread – Cybersecurity News, Data Breaches, AI and More

Scammers are targeting Ledger wallet users in Italy by sending out physical letters that appear to be from the company. These letters contain QR codes designed to trick recipients into revealing their wallet seed phrases. This tactic exploits the trust users have in Ledger, a well-known cryptocurrency hardware wallet provider. By obtaining these seed phrases, scammers can gain access to users' cryptocurrency funds. It's crucial for crypto users to be vigilant and verify the authenticity of any communication they receive, especially those that ask for sensitive information. The incident underscores the ongoing risks associated with cryptocurrency security and the lengths that attackers will go to steal personal information.

May 17, 2026

Grafana Says It Rejected Ransom Demand After Source Code Theft

Hackread – Cybersecurity News, Data Breaches, AI and More

Grafana has reported a security incident where hackers accessed its source code after obtaining a GitHub token. Fortunately, the company confirmed that no customer data or systems were compromised during this breach. Grafana's response included rejecting a ransom demand from the attackers, indicating they did not negotiate or pay for the stolen code. This incident raises concerns about the security of access tokens and the potential risks associated with code theft, even when customer data remains secure. Companies should review their token management practices to prevent similar incidents in the future.

May 17, 2026