VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Funnel Builder Vulnerability Enables Skimmer Injection on WooCommerce Checkouts

Уязвимость в Funnel Builder позволяет внедрять скрипты‑скримеры на чекаутах WooCommerce

Colleagues, please note: active exploitation of a vulnerability in the Funnel Builder plugin for WooCommerce has been observed.

- Sansec reports: versions before 3.15.0.3 allow unauthenticated attackers to write arbitrary JavaScript to the "External Scripts" checkout setting.
- Attackers disguise scripts as Google Tag Manager and load skimmers via remote C2 to steal card numbers, CVV and addresses.
- Over 40,000 stores affected; FunnelKit released a patch in v3.15.0.3. Check Settings > Checkout > External Scripts.

Why it matters: checkout compromise causes payment data leakage and reputational damage.

Have you checked your stores for unexpected checkout scripts?

#cybersecurity #WooCommerce #WordPress #Magecart

Latest comments

No comments yet.