CRITICAL · Cyber Intelligence · Sunday, May 17, 2026

WordPress Plugin Flaw Exploited to Skim WooCommerce Checkout Data

Attackers are actively exploiting a critical vulnerability in Funnel Builder to inject payment-stealing JavaScript into WordPress e-commerce sites.

A critical security flaw in the Funnel Builder plugin for WordPress is under active exploitation, allowing attackers to inject malicious JavaScript into WooCommerce checkout pages and harvest payment card data. Sansec published details of the campaign this week.

The vulnerability does not yet carry a CVE identifier. Funnel Builder is used to customize sales funnels and checkout flows on WordPress sites running WooCommerce, a widely deployed e-commerce platform. The flaw enables unauthorized code injection at the point of transaction, where customers enter sensitive payment information.

Attackers are targeting live checkout environments, not staging or development instances. The injected scripts operate silently, exfiltrating card numbers, CVV codes, and billing details as customers complete purchases. Site operators may remain unaware of the breach until fraud reports surface or payment processors flag anomalies.

Implications
  • 01 WooCommerce site operators face immediate payment fraud risk and regulatory exposure.
  • 02 Customers on affected sites may experience unauthorized card transactions and identity theft.
  • 03 Payment processors may suspend merchant accounts pending security audits.
  • 04 Plugin developers face reputational and legal liability for delayed patching.
Source
The Hacker News
https://thehackernews.com/2026/05/funnel-builder-flaw-under-active.html
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#wordpress #woocommerce #payment skimming #plugin vulnerability #e-commerce security #active exploitation