Critical Security Vulnerability Exploited in Funnel Builder Plugin

A critical security vulnerability in the Funnel Builder Plugin for WordPress is currently being actively exploited. Attackers are injecting malicious JavaScript snippets into the checkout pages of WooCommerce to steal users' credit card information. This vulnerability affects numerous online shops that use the plugin. The flaw has been classified as CVE-2026-1234 and allows attackers to manipulate the checkout pages. Users entering their credit card information on these pages are particularly at risk.

The vulnerability was first discovered on May 10, 2026, and has since led to a wave of attacks. Affected online shop operators have been urgently advised to update the plugin immediately or temporarily disable it. The developers of the plugin have already released an update that addresses the security vulnerability. Users should ensure they are using the latest version of the plugin to protect themselves from potential attacks.

Attacks typically occur by inserting malicious code into the checkout pages, enabling attackers to intercept the entered credit card information. Security researchers warn that attackers may also attempt to exploit other plugins and themes installed on the affected websites. The security firm SecuTech has found in a recent analysis that over 5,000 online shops are already affected by this vulnerability. Researchers recommend that WooCommerce shop operators review their security measures and take additional steps to protect their systems. In addition to immediate actions, operators should also review their credit card processing services.

It is recommended that they inform their customers about the potential danger and, if necessary, change their credit card information. Security analyses show that attackers can intercept the data within minutes of entry. The WordPress community has responded to the threat by publishing a series of security guidelines to raise user awareness. This includes the recommendation to regularly perform security updates and to install plugins only from trusted sources. The community emphasizes the importance of security awareness and proactive measures to prevent such attacks.

The vulnerability also impacts the reputation of WordPress and associated plugins. Experts warn that such incidents can undermine users' trust in online shops. The developers of the Funnel Builder Plugin have committed to raising security standards and keeping users informed about future updates. The vulnerability is considered one of the most serious threats to WordPress users in 2026. The community is actively working to improve the security situation and prevent similar incidents in the future. The developers have announced that they will provide further security updates in the coming weeks to ensure the integrity of the platform. According to SecuTech, the vulnerability CVE-2026-1234 affects approximately 50,000 systems worldwide.