A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. It
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/05/funnel-builder-flaw-under-active.html
