CVE-2026-42381

Name of the Vulnerable Software and Affected Versions Funnel Builder (affected versions not specified)

Description An SQL injection flaw in the Funnel Builder plugin allows attackers to inject payment skimmers into WooCommerce checkout pages. This issue enables script propagation across all checkout flows and the establishment of WebSocket Command and Control (C2) channels for real-time exfiltration of credit card data. The exploitation occurs via unprotected Funnel Builder endpoints.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Implement runtime egress controls to detect and block data exfiltration patterns.