WordPress Plugin Flaw Exploited to Skim WooCommerce Checkout Data
Attackers are actively exploiting a critical vulnerability in Funnel Builder to inject payment-stealing JavaScript into WordPress e-commerce sites.
A critical security flaw in the Funnel Builder plugin for WordPress is under active exploitation, allowing attackers to inject malicious JavaScript into WooCommerce checkout pages and harvest payment card data. Sansec published details of the campaign this week.
The vulnerability does not yet carry a CVE identifier. Funnel Builder is used to customize sales funnels and checkout flows on WordPress sites running WooCommerce, a widely deployed e-commerce platform. The flaw enables unauthorized code injection at the point of transaction, where customers enter sensitive payment information.
Attackers are targeting live checkout environments, not staging or development instances. The injected scripts operate silently, exfiltrating card numbers, CVV codes, and billing details as customers complete purchases. Site operators may remain unaware of the breach until fraud reports surface or payment processors flag anomalies.
- WooCommerce site operators face immediate payment fraud risk and regulatory exposure.
- Customers on affected sites may experience unauthorized card transactions and identity theft.
- Payment processors may suspend merchant accounts pending security audits.
- Plugin developers face reputational and legal liability for delayed patching.