Magento Security News
May 31, 2017
Magento Patch SUPEE 9767 Released
This patch fixes multiple security vulnerabilities, the bulk of which require admin access before they can be exploited. We are currently evaluating this patch for compatibility and will be adding it to our security patcher.
Full Patch Details
February 1, 2017
A security vulnerability has been found in the following extensions:
- Cart2Quote - Ophirah_Qquoteadv
- Ajax Cart Pro - EM_Ajaxcart
Exploits have been found in the wild. Contact each vendor for a patched version.
January 13, 2017
Magento has acknowledged a new potential remote code execution vulnerability in both Magento 1 and 2. This security risk is easily mitigated by changing the following setting in the Magento admin. The values 'No/Specified' are not vulnerable. Approximately 5% of Magento stores have this option enabled and are at risk.
- Magento 1: System -> Configuration -> Advanced -> System -> Mail Sending Settings -> Set Return-Path
- Magento 2: Stores -> Configuration -> Advanced -> System -> Mail Sending Settings -> Set Return-Path
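One way to audit this setting across every configuration scope, as an added example that is not part of the original post or Magento's own tooling. It assumes the option is stored in the `core_config_data` table under the path `system/smtp/set_return_path` with values 0/1/2 for No/Yes/Specified, and it runs over a constructed tab-separated export.

```python
import csv
import io

# Config path behind "Set Return-Path" (assumed from Magento's core_config_data
# conventions; the page names only the admin menu location).
RETURN_PATH_KEY = "system/smtp/set_return_path"
LABELS = {"0": "No", "1": "Yes", "2": "Specified"}  # assumed stored values

# Constructed sample: tab-separated rows as a batch-mode database client
# would print them for core_config_data. Not taken from a real store.
SAMPLE_DUMP = (
    "scope\tscope_id\tpath\tvalue\n"
    "default\t0\tsystem/smtp/set_return_path\t0\n"
    "websites\t2\tsystem/smtp/set_return_path\t1\n"
    "stores\t5\tsystem/smtp/set_return_path\t2\n"
    "stores\t5\tsystem/smtp/return_path_email\tbounce@example.test\n"
    "default\t0\tweb/secure/use_in_adminhtml\t1\n"
)


def audit_return_path(dump_text):
    """Return (at_risk, reviewed) lists of scope settings for Set Return-Path."""
    at_risk, reviewed = [], []
    reader = csv.DictReader(io.StringIO(dump_text), delimiter="\t")
    for row in reader:
        if row["path"] != RETURN_PATH_KEY:
            continue
        value = (row["value"] or "").strip()
        entry = (row["scope"], int(row["scope_id"]),
                 LABELS.get(value, "unknown:" + value))
        reviewed.append(entry)
        # Per the advisory only "Yes" is exposed; unrecognised values are
        # flagged for review instead of being passed silently.
        if value not in ("0", "2"):
            at_risk.append(entry)
    return at_risk, reviewed


if __name__ == "__main__":
    risky, seen = audit_return_path(SAMPLE_DUMP)
    for item in seen:
        flag = "CHANGE" if item in risky else "ok"
        print(f"{flag:6} {item[0]}:{item[1]} Set Return-Path = {item[2]}")
    if not seen:
        print("no explicit row: the store is using the built-in default")
```

A website or store view can override the default scope, so a store whose default is "No" can still have the option enabled for one website, which is why every scope row is checked.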
Full exploit details are here: