40,000 WooCommerce checkouts compromised: Why real-time store monitoring is no longer optional

On May 14, 2026, eCommerce security firm Sansec disclosed that a critical vulnerability in Funnel Builder by FunnelKit (CVE-2026-47100) was being actively exploited to inject payment skimmers into WooCommerce checkout pages. More than 40,000 stores running the popular checkout optimisation plugin were at risk, and by the time the disclosure went public, attackers had already begun harvesting credit card data from live customers.
This isn't a theoretical risk. It's happening right now, to real stores, costing real revenue.
The anatomy of a silent checkout attack
What makes this vulnerability particularly insidious is how invisible it is. The FunnelKit flaw, a missing authorisation check in the public checkout endpoint, allowed attackers to inject malicious JavaScript that mimicked legitimate Google Tag Manager scripts. To the store owner, everything looked normal. Analytics were running, orders were processing, and dashboards showed no red flags.
But underneath, a skimmer was silently copying payment card details before they reached the payment processor. Customers experienced no error messages, no broken pages, no visible sign that anything was wrong. They simply had their financial data stolen during what appeared to be a perfectly normal checkout.
This is the nightmare scenario for any eCommerce team: a revenue-destroying problem that produces zero visible symptoms in your standard monitoring stack.
The monitoring gap most stores don't know they have
The FunnelKit exploit highlights a fundamental gap in how most eCommerce businesses monitor their storefronts. Traditional application monitoring catches server errors, downtime, and slow response times. Analytics platforms track conversions and bounce rates. But neither catches the subtle, client-side anomalies that indicate a compromised checkout.
Consider the numbers: according to Baymard Institute's 2026 cart abandonment research, approximately 15% of online shoppers abandon purchases specifically because of website errors and crashes. Another 14–17% leave due to broader technical performance issues at checkout. These are the visible problems, the ones that at least produce a measurable signal.
But what about the problems that don't produce a signal? A skimmer injected via a compromised plugin doesn't crash the page. It doesn't slow the load time. It doesn't trigger a 500 error. It operates in the margins between what your server-side monitoring sees and what your customer actually experiences in the browser.
From reactive to proactive: Monitoring the checkout experience
This is precisely the problem that AuditIQ was built to address. Rather than waiting for customers to report issues (studies show 96% never will), or relying on periodic security scans that run hours or days apart, AuditIQ provides continuous, real-time monitoring of your live eCommerce storefront, including the checkout flow.
AuditIQ works by observing the actual experience your customers have: unexpected JavaScript errors, anomalous network requests, DOM modifications that shouldn't be there, and performance degradations that analytics tools simply cannot see. When a checkout page starts behaving differently from its established baseline, whether from a bug, a broken deploy, or a malicious injection, AuditIQ flags it immediately.
In the FunnelKit scenario, the injection of an unauthorised external script into checkout pages would have triggered an alert the moment it appeared, not days or weeks later when fraud reports started rolling in.
What actions to take
If you're running a WooCommerce store with FunnelKit's Funnel Builder:
- Update immediately to version 3.15.0.3 or later
- Audit your checkout pages for any unfamiliar scripts, particularly those masquerading as analytics tags
- Review your monitoring stack: ask honestly whether your current tools would catch a client-side script injection on your checkout page
- Implement real-time storefront monitoring that watches what your customers actually see, not just what your server logs report
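As an added illustration of the second step above (auditing checkout pages for unfamiliar scripts), here is a small Python check that is not AuditIQ's code or FunnelKit's: it collects every script on a page and flags external sources and inline loaders that point at hosts outside an allowlist, which is exactly where a Google Tag Manager lookalike shows up. The store host, the allowlist and the sample checkout HTML are all constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Hosts this store legitimately loads scripts from (constructed allowlist; in
# practice, record what the checkout page loaded while it was known-good).
STORE_HOST = "shop.example"  # constructed; relative script paths resolve here
ALLOWED_SCRIPT_HOSTS = {STORE_HOST, "www.googletagmanager.com"}
# Constructed checkout HTML: a legitimate GTM loader, a GTM-lookalike loading
# gtm.js from a non-Google host, and an unfamiliar external "analytics" script.
SAMPLE_CHECKOUT_HTML = """<html><head>
<script src="https://shop.example/wp-content/plugins/woocommerce/assets/js/checkout.min.js"></script>
<script src="https://cdn.example-stats.net/analytics.js"></script>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];var j=d.createElement(s);
j.src='https://www.googletagmanager.com/gtm.js?id='+i;d.head.appendChild(j);})(window,document,'script','dataLayer','GTM-XXXX');</script>
<script>(function(w,d,s){var j=d.createElement(s);
j.src='https://gtm-cdn.example.net/gtm.js?id=GTM-XXXX';d.head.appendChild(j);})(window,document,'script');</script>
</head><body>checkout form</body></html>"""

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script = True
    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def find_suspicious_scripts(html):
    """Return (kind, value) findings for scripts outside the allowlisted hosts."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:  # <script src="..."> from an unknown host
        if (urlparse(src).hostname or STORE_HOST) not in ALLOWED_SCRIPT_HOSTS:
            findings.append(("external-unknown-host", src))
    for body in collector.inline:  # inline loader pointing at an unknown host
        for host in re.findall(r"https?://([a-z0-9.-]+)", body.lower()):
            if host not in ALLOWED_SCRIPT_HOSTS:
                findings.append(("inline-unknown-host", host))
    return findings
```

Run it against the live checkout HTML on a schedule and alert on any non-empty result; the allowlist is the baseline, so refresh it deliberately after each deploy rather than letting it drift.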
The FunnelKit vulnerability is a wake-up call, but it won't be the last. Supply chain attacks on eCommerce plugins are accelerating, and the stores that survive them unscathed will be the ones that can detect anomalies in minutes, not weeks.
AuditIQ gives eCommerce teams that visibility. Learn how the AuditIQ storefront monitoring solution helps protect checkout performance, detect issues faster, and prevent revenue loss.
About the author
Ginny Ngo writes from AuditIQ's experience monitoring eCommerce performance, SEO, security, and reliability issues across Magento, Shopify, WooCommerce, and Adobe Commerce stores.