Overview
- Security firm Sansec reports attackers are stealing payment data from WooCommerce stores through vulnerable Funnel Builder installs.
- The flaw lets anyone trigger a checkout function that writes attacker data into the plugin’s global settings, which then injects code on every checkout page.
- Many attacks use fake Google Tag Manager or Analytics files that open a WebSocket to wss://protect-wss[.]com/ws to fetch a custom skimmer.
- FunnelKit released version 3.15.0.3 to fix the issue and urges admins to update and remove any unknown entries in Settings > Checkout > External Scripts.
- The plugin runs on more than 40,000 sites, raising the risk that shoppers’ cards are stolen for fraud or sold on dark web markets.