Ethical Hacking News
Attackers have exploited a critical vulnerability in the WordPress Funnel Builder plugin, allowing them to inject e-skimmers into WooCommerce checkout pages and steal customer payment details. Immediately apply updates and review your store's security.
The WordPress Funnel Builder plugin has been compromised by a critical vulnerability, allowing attackers to inject e-skimmers and steal customer information. The vulnerability allows attackers to modify global settings within the plugin, including the "External Scripts" option, to plant malware code on every checkout transaction. Attackers have been using this vulnerability to inject malware disguised as legitimate tracking tags, making it difficult to detect. A patch has been released to address the vulnerability, adding proper permission checks and limits access to approved methods only. Website owners are advised to immediately update their plugins and scan for signs of malware or security threats.
The online retail landscape has been compromised once again, this time by a critical vulnerability in the WordPress Funnel Builder plugin. The attackers have taken advantage of this flaw to inject e-skimmers, malicious software designed to steal sensitive customer information during checkout transactions. According to Sansec researchers, the WordPress Funnel Builder plugin, which is used on over 40,000 WooCommerce stores, has been actively exploited by hackers.
The critical vulnerability in the Funnel Builder plugin allows attackers to modify global settings within the plugin, including the "External Scripts" option. By injecting malicious code into this setting, hackers can plant a
