Home · Briefs · CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026)
WordPress retail / e-commerce
From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17
FunnelKit "Funnel Builder for WooCommerce" actively exploited as a Magecart skimmer on 40,000+ WordPress stores (daily 2026-05-17), no CVE assigned. The operational pattern (Magecart abuse of a popular WooCommerce plugin) is portable across the WordPress + WooCommerce e-commerce ecosystem used by Swiss / EU SMB retailers; SOC managers serving SMB or municipal e-commerce estates should sweep deployed WooCommerce plugin inventories for the affected FunnelKit version and audit checkout-page DOM for injected payment-form-skimming scripts.