40,000 WordPress Sites Are Quietly Losing Credit Cards Right Now

A serious WordPress checkout flaw is being used to steal payment card data from online stores, and the impact could already reach thousands of sites. If you run WooCommerce or manage a WordPress-based shop, this is an urgent issue because attackers can inject malicious code without logging in and quietly turn your checkout page into a card skimmer.

In this video, we break down the attack affecting Funnel Builder versions before 3.15.0.3, how the malicious JavaScript is being planted, and why the fake Google Analytics script is designed to hide in plain sight. We also explain who is affected, how the skimmer works behind the scenes, and what store owners should check right away.

Key points covered in this video:
1. What happened: an unauthenticated flaw in Funnel Builder is being abused to inject malicious JavaScript into WooCommerce checkout pages.
2. How it works: attackers use the plugin’s External Scripts setting to load fake scripts and pull payloads through a WebSocket connection.
3. Why it matters: stolen card data, CVVs, billing addresses, and customer details can lead to fraud, chargebacks, and reputational damage.
4. What to do now: update Funnel Builder to 3.15.0.3, inspect checkout scripts, review logs, and look for unauthorized changes across all affected sites.

Why this matters to you:
Even if you are not a store owner, this kind of threat can affect your personal data when you shop online. For businesses, a checkout compromise can expose payment information, disrupt trust, and create costly response work long after the attack is discovered. Early detection, fast patching, and careful script review are critical to limiting damage.

How Secursky helps:
Secursky monitors, tracks, and analyzes cyber threats and digital risk events. We help organizations stay informed, reduce exposure, and respond faster by translating complex threat intelligence into actionable insight.

Review our website: https://secursky.com
Checkout our other socials: LinkedIn
Get in touch: contact@secursky.com

The key takeaway is simple: this is an active checkout-skimming risk that deserves immediate attention. Patch first, inspect carefully, and treat any unexpected script on your checkout page as a potential incident.

#Cybersecurity #WordPress #WooCommerce #DataBreach #Malware #HackingNews #Infosec #DigitalRisk

Видео 40,000 WordPress Sites Are Quietly Losing Credit Cards Right Now канала Secursky