Tag Archives Magento security

Recently, a new severe 0-day Magento vulnerability was released by the DefenceCode team in an advisory. If you are vulnerable to this, attackers are capable of remotely executing arbitrary code. As of now, the vulnerability has been confirmed for the Magento Community edition, as the researcher did not test the Enterprise edition. But since both versions use the same base code there is…

A couple of weeks ago, we were performing a security scan for a customer using a Magento shop. While auditing their website, our team found a critical vulnerability in the Affiliate Plus module. According to Affiliate Plus' website, 7000+ stores use the extension. This Affiliate Plus Magento module XSS vulnerability leaves a number of Magento stores vulnerable. About Affiliate Plus Magento Module XSS When logged…

Lately, Magento has been in the news owing to frequent notorious attacks on its payment security system. A recent Magento attack saw credit card scrapers targeting the payment security system of Magento stores in order to steal paramount credit card information. Consequently, Magento has been wary of vulnerabilities in its system and, in a prudent attempt, regularly releases security patches as…

Magento is the top choice for an E-Commerce store these days. It is customizable, easy to set up, and comes with a number of built-in features, making it the preferred CMS over many others like Shopify, WooCommerce, BigCommerce etc. However, Magento has had its share of vulnerabilities, right from Shoplift to XSS in the admin area. Being an E-Commerce platform, Magento security…
