Tag: javascript injection

2 articles

WordPress plugin developer's workspace with code on screen, coffee, and notes on a minimalist wooden desk.

Malicious Code Infiltrates WordPress Plugins, Creates Rogue Admin Accounts

Over 1.2 million WordPress sites are at risk after attackers infiltrated a trusted vendor's network, injecting malicious code into popular plugins like OptinMonster, TrustPulse, and PushEngage. This sneaky hack creates rogue admin accounts, putting sites at risk of takeover - all without ordinary visitors even noticing.

Analyst 207Jun 15, 2026

Retail checkout counter with a WooCommerce point-of-sale terminal in the foreground and blurred store shelves in the…

Funnel Builder Flaw Exploited for WooCommerce Checkout Skimming

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited, allowing attackers to inject malicious JavaScript into WooCommerce checkout pages and skim sensitive customer info. Over 40,000 online stores using the plugin may be at risk.

Analyst 207May 16, 2026