{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/funnel-builder-for-woocommerce-checkout--3.15.0.3/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-47100"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Funnel Builder for WooCommerce Checkout \u003c 3.15.0.3"],"_cs_severities":["high"],"_cs_tags":["cve","woocommerce","wordpress","missing-authorization","javascript-injection"],"_cs_type":"threat","_cs_vendors":["WooCommerce"],"content_html":"\u003cp\u003eA missing authorization vulnerability exists in the Funnel Builder for WooCommerce Checkout plugin (versions prior to 3.15.0.3). This flaw allows unauthenticated attackers to bypass authorization checks in the public checkout endpoint. By invoking internal methods, attackers can write arbitrary data to the plugin\u0026rsquo;s External Scripts global setting. This injection allows the introduction of malicious JavaScript code. This JavaScript then executes in the browsers of all users visiting the checkout page, potentially leading to credential theft, defacement, or other client-side attacks. The vulnerability was reported on May 19, 2026, and is identified as CVE-2026-47100.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies the vulnerable checkout endpoint in the Funnel Builder plugin.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request to the checkout endpoint, bypassing authorization checks.\u003c/li\u003e\n\u003cli\u003eThis request invokes an internal method to modify plugin settings.\u003c/li\u003e\n\u003cli\u003eThe attacker writes arbitrary data containing malicious JavaScript code to the External Scripts global setting.\u003c/li\u003e\n\u003cli\u003eA user visits the checkout page on the affected WooCommerce site.\u003c/li\u003e\n\u003cli\u003eThe injected JavaScript code from the External Scripts setting executes in the user\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe malicious JavaScript performs actions such as stealing payment information, redirecting the user to a phishing site, or defacing the page.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to sensitive user data or compromises the integrity of the checkout process.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to inject malicious JavaScript into the checkout pages of WooCommerce stores using the Funnel Builder plugin. This could lead to the theft of customer payment information, redirection to phishing sites, or defacement of the checkout page, affecting potentially all users visiting the checkout page. Given the widespread use of WooCommerce for e-commerce, a large number of stores and customers are potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Funnel Builder for WooCommerce Checkout plugin to version 3.15.0.3 or later to patch CVE-2026-47100.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-47100 Exploitation — Funnel Builder Unauthorized Script Injection\u0026rdquo; to your SIEM to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to checkout endpoints with attempts to modify script settings, as indicated by the log source in the provided Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T15:19:24Z","date_published":"2026-05-19T15:19:24Z","id":"https://feed.craftedsignal.io/briefs/2026-05-funnel-builder-authz-bypass/","summary":"Funnel Builder for WooCommerce Checkout versions prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and inject malicious JavaScript, impacting checkout page visitors.","title":"Funnel Builder for WooCommerce Checkout Missing Authorization Vulnerability (CVE-2026-47100)","url":"https://feed.craftedsignal.io/briefs/2026-05-funnel-builder-authz-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Funnel Builder for WooCommerce Checkout \u003c 3.15.0.3","version":"https://jsonfeed.org/version/1.1"}