VulnerabilityBleeping Computer
9.5 — CRITICAL
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A critical vulnerability in the Funnel Builder WordPress plugin is being actively exploited to steal credit card information, affecting over 40,000 websites with outdated versions prior to 3.15.0.3.
⚙️Technical Details
Affected Systems
Funnel Builder plugin for WordPress
Attack Vectors
Malicious JavaScript snippets injected into WooCommerce checkout pages via unprotected, publicly exposed checkout endpoint
💥Impact Assessment
Severity: Critical
Who Is at Risk
Website owners and administrators with outdated versions of the Funnel Builder plugin
🛡️Recommended Actions
1Prioritize updating to the latest version from the WordPress dashboard (3.15.0.3)
2Review Settings > Checkout > External Scripts for potential rogue scripts
3Disable or remove any suspicious scripts or plugins
📦Affected Products
Product Name: Funnel Builder plugin for WordPressVersion Range: all versions prior to 3.15.0.3
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.