> TritonInfoSec News
Home / May 17, 2026 / Story
0
#7 BleepingComputer general May 15, 2026 at 19:30 UTC

Funnel Builder WordPress plugin bug exploited to steal credit cards

By Bill Toulas

AI Summary

A critical, unpatched vulnerability (no CVE yet assigned) in the Funnel Builder WordPress plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages for payment card skimming. Sansec researchers published details of the active exploitation campaign, which targets e-commerce sites running WooCommerce. WordPress site owners using the Funnel Builder plugin should disable it immediately pending an official patch.

Read full article → https://www.bleepingcomputer.com/news/security/fun…

Relevance score: 78.0/100

# More from May 17

  1. 1
    Microsoft warns of Exchange zero-day flaw exploited in attacks BleepingComputer
  2. 2
    Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 SecurityWeek
  3. 3
    Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access The Hacker News
  4. 4
    Popular node-ipc npm package compromised to steal credentials BleepingComputer
  5. 5
    OpenAI Hit by TanStack Supply Chain Attack SecurityWeek
  6. 6
    Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own BleepingComputer
  7. 8
    Avada Builder WordPress plugin flaws allow site credential theft BleepingComputer
  8. 9
    PoC Code Published for Critical NGINX Vulnerability SecurityWeek
  9. 10
    Microsoft backpedals: Edge to stop loading passwords into memory BleepingComputer