Magento is one of the most popular platforms that businesses use to build and manage their websites, which makes it an enticing target for hackers. Magento stores face malicious attacks in the wild, including attacks that exploit a critical remote code-execution vulnerability, so security is a serious concern.
Since Magento powers a significant portion of online eCommerce, it is no surprise that hackers and skimmers often target it. Cybercriminals attack websites built on the unpatched eCommerce platform to gain access to confidential data. Their scripts steal customers’ payment card details and other sensitive information entered on the page.
One vulnerability, CVE-2019-8144, which has a severity ranking of 10 out of 10 on the CVSS v.3 scale, can enable an unauthenticated user to insert a malicious payload into a merchant’s site via Page Builder template methods and then execute it. Page Builder lets websites design content updates, preview them live and schedule them to be published; the bug exists specifically in the preview function.
This flaw affected Magento 2.3 and was patched in Magento Commerce 2.3.3 and with the security-only patch 2.3.3-p2 released in October. The company has already stated that patching will have the side effect of “blocking administrators from viewing previews for products, blocks and dynamic blocks”, but it has given assurance that it will re-enable the preview functionality as soon as possible.
Piotr Kaminski of the Magento security team wrote in a posting on Monday, “We recommend that all merchants, even those who have already upgraded to 2.3.3 or applied security-only patch 2.3.2-p2, review the security of their Magento site to confirm that it was not potentially compromised before upgrade.” He further added, “Applying this hot fix or upgrading…will help defend your store against potential attacks going forward, but will not address the effects of an earlier attack. The same update patches several other critical remote-execution flaws with a CVSS v.3 score of 9 and above, as well as cross-site scripting (CSS) issues.”
Some of the crucial measures to secure your Magento store from Magecart attacks:
Magento is a fantastic platform for creating a thriving website. It has a 24*7 support team that works consistently on maintenance and security updates. We recommend that Magento store owners stay current on the best security practices. As the old saying goes, “it’s better to be safe than sorry”.