Magento’s critical vulnerability requires immediate update

Thanks to the work of Sucuri’s research team, a critical security flaw was recently discovered in the popular Magento e-commerce platform. The SUPEE-7405 Multiple Update is now available and patches over 20 flaws that put a site at risk of falling under the control of cyber-criminals who exploit them.

Virtually all versions of Magento CE before 1.9.2.3 and Magento EE prior to 1.14.2.3 are at risk. The cause of the vulnerability is a badly written portion of code in Magento’s core libraries, back-end, or administrative control panel. The vulnerability is a stored Cross-site Scripting (XSS) flaw, probably the most common source of vulnerabilities for sites around the world.

All Magento-based sites created or maintained by Deltamatica were updated within 2 hours of the patch release. In the 24 hours following the disclosure of the vulnerability, several attack attempts were detected.