Critical Vulnerability in Funnel Builder WordPress Plugin Under Active Exploitation
A critical security flaw in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages.
A critical security vulnerability in the Funnel Builder plugin for WordPress is currently being exploited in the wild. Attackers are leveraging this flaw to inject malicious JavaScript code directly into WooCommerce checkout pages, aiming to intercept and steal sensitive payment information from unsuspecting users [The Hacker News].
The vulnerability affects installations of the Funnel Builder plugin. By successfully injecting malicious scripts, attackers can capture credit card data and other payment details entered by customers during the checkout process, posing a significant risk to both site owners and their customers [BleepingComputer].
As of now, there is no official CVE identifier assigned to this vulnerability. Site administrators using the Funnel Builder plugin are urged to monitor their installations closely for unauthorized JavaScript injections and to apply any available updates or security patches provided by the plugin developers to mitigate the risk of compromise.