> TritonInfoSec News
Home / May 18, 2026 / Story
0
#7 The Hacker News general May 16, 2026 at 15:20 UTC

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

By [email protected] (The Hacker News)

AI Summary

A critical vulnerability in the Funnel Builder plugin for WordPress (no CVE yet assigned) is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, enabling payment card skimming. Sansec published details of the in-the-wild campaign, and the absence of a CVE may delay patching by site operators relying on vulnerability scanners.

Read full article → https://thehackernews.com/2026/05/funnel-builder-f…

Relevance score: 78.0/100

# More from May 18

  1. 1
    New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released BleepingComputer
  2. 2
    NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE The Hacker News
  3. 3
    Russian hackers turn Kazuar backdoor into modular P2P botnet BleepingComputer
  4. 4
    Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing BleepingComputer
  5. 5
    Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 SecurityWeek
  6. 6
    Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt The Hacker News
  7. 8
    Microsoft rejects critical Azure vulnerability report, no CVE issued BleepingComputer
  8. 9
    Can Laws Stop Deepfakes? South Korea Aims to Find Out Dark Reading
  9. 10
    Why geopolitical turmoil is a gift for scammers, and how to stay safe WeLiveSecurity (ESET)