Category Archives: Magento Security

Magento Extension PDF Invoice Plus Vulnerability by Astra Magento Security

About PDF Invoice Plus Magento Extension Vulnerability

A couple of weeks ago, our security team was performing a security audit on a customer store using Magento. While testing the extensions used by the customer, a critical vulnerability was found in the extension PDF Invoice Plus. This extension is widely used by hundreds of Magento stores to generate invoices…

Recently, the DefenseCode team disclosed a new severe 0-day Magento vulnerability in an advisory. If you are vulnerable to this, attackers are capable of remotely executing arbitrary code. As of now, the vulnerability has been confirmed for the Magento Community Edition, as the researcher did not test the Enterprise Edition. But since both versions use the same base code there is…

A couple of weeks ago, we were performing a security scan for a customer using a Magento shop. While auditing their website, our team found a critical vulnerability in the Affiliate Plus module. According to Affiliate Plus' website, 7000+ stores use the extension. This Affiliate Plus Magento module XSS vulnerability leaves a number of Magento stores vulnerable.

About Affiliate Plus Magento Module XSS

When logged…

Lately, Magento has been in the news owing to frequent attacks on its payment security system. In a recent case, credit card scrapers targeted the payment security system of Magento stores in order to steal credit card information. Consequently, Magento has been wary of vulnerabilities in its system and, in a prudent attempt, regularly releases security patches as…

E-commerce security is often not the top priority of store owners. Consider an analogy between physical stores and electronic retail stores: people invest in the security of their physical stores with CCTV cameras, alarm systems, door locks and more. This arrangement is made to protect against shoplifting. People need to understand that shoplifting, when done in electronic…

As e-commerce platforms worldwide are opting for stronger security measures, attackers are constantly developing new techniques to compromise these platforms and steal sensitive information provided by customers. A recent case of cyber crime that aimed to steal credit card data by compromising Magento’s payment security sheds light on the susceptible state of web security and a dire need of a stronger…

Magento is the top choice for an e-commerce store these days. It is customizable, easy to set up and comes with a number of built-in features, making it the preferred CMS over many others like Shopify, WooCommerce, BigCommerce etc. However, Magento has had its share of vulnerabilities, right from Shoplift to XSS in the admin area. Being an e-commerce platform, Magento security…
