Another top WordPress plugin exploited - hackers target credit card details, here's what you need to know
Date:
Mon, 18 May 2026 15:25:00 +0000
Description:
Funnel Builder WordPress plugin is being exploited to steal people's credit cards but the flaw has since been patched.
FULL STORY ======================================================================
Hackers are exploiting a critical flaw in the Funnel Builder plugin to inject credit card skimmers into checkout pages.
FunnelKit released a patched version, but more than half of active sites remain on older, vulnerable builds.
Stolen payment data is being monetized through dark web sales and fraudulent ad purchases.

Hackers are exploiting a critical vulnerability in a popular WordPress plugin to
steal credit card information from people making online purchases.
Security researchers at Sansec said they recently spotted an active campaign targeting websites running the Funnel Builder plugin, which is apparently active on more than 40,000 ecommerce websites. The plugin lets businesses create sales funnels, landing pages, optimized checkout flows, upsells, and lead-generation campaigns, all without any coding. Sansec found it carried a critical-severity vulnerability (no CVE yet) that allows threat actors to add malicious JavaScript snippets into WooCommerce checkout pages without authentication. According to the researchers, someone used it to add a credit card skimmer capable of exfiltrating credit card numbers, CVVs, billing addresses, and other customer information.

Patching the flaw

We don't know how many websites have been compromised this way, or how many people lost their credit card information to the hackers - however, the data they stole is all they need to make fraudulent purchases online.
In most cases, though, they just sell it on the dark web to the highest bidder. Usually cybercriminals use stolen cards to purchase ads on reputable ad networks and promote malware that can lead to ransomware infections.
Most of the ads for malware and infostealing landing pages seen on Google are paid for with stolen credit cards and through compromised Google Ads
accounts.
Since then, FunnelKit (the company behind the plugin) addressed the issue and released a new version - 3.15.0.3. All users are advised to upgrade to this version and secure their websites immediately.
At press time, the official WordPress site shows 50.3% of all websites using the plugin are running older versions of Funnel Builder, meaning at least 20,000 sites are directly exposed. The remaining 49.7% are shown only as running version 3.15, which does not distinguish the patched 3.15.0.3 from earlier 3.15 builds, so we don't know how many have patched up. Therefore, the number of websites at risk could possibly be even higher.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/another-top-wordpress-plugin-exploited-hackers-target-credit-card-details-heres-what-you-need-to-know
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)