Magento is one of the most popular platforms that businesses use to build and manage their websites. That makes it an enticing target for hackers. Magento stores face malicious attacks in the wild, including attacks that exploit a critical remote code-execution vulnerability. So, security is a serious concern.
Since Magento powers a significant portion of online eCommerce, it is no surprise that hackers and skimmers often target it. Cybercriminals attack websites built on unpatched versions of the eCommerce platform to access confidential data. Their skimming scripts steal customers’ payment card details and other sensitive information entered on the page.
One vulnerability, CVE-2019-8144, holds a severity ranking of 10 out of 10 on the CVSS v3 scale. It can enable an unauthenticated user to insert a malicious payload into a merchant’s site via Page Builder template methods and then execute it. The Page Builder lets websites design content updates, preview them live, and schedule them to be published. The bug exists specifically in the preview function.
This flaw affected Magento 2.3 and was patched in Magento Commerce 2.3.3 and with the security-only patch 2.3.3-p2 released in October. The company has already stated that patching will have the side effect of “blocking administrators from viewing previews for products, blocks and dynamic blocks,” but it has assured merchants that it will re-enable the preview functionality as soon as possible.
Piotr Kaminski of the Magento security team wrote in a posting on Monday, “We recommend that all merchants, even those who have already upgraded to 2.3.3 or applied security-only patch 2.3.2-p2, review the security of their Magento site to confirm that it was not potentially compromised before the upgrade.” He further added, “Applying this hotfix or upgrading…will help defend your store against potential attacks going forward, but will not address the effects of an earlier attack. The same update patches several other critical remote-execution flaws with CVSS v.3 scores of 9 and above, as well as cross-site scripting (CSS) issues.”
Some of the crucial measures to secure your Magento store from Magecart attacks:
Magento is a fantastic platform for creating a thriving website. It has a 24/7 support team that works consistently on maintenance and security updates. We recommend that Magento store owners stay current on the best security practices. As the old saying goes, “it’s better to be safe than sorry”. Talk with a trusted Magento upgrade service provider to upgrade your Magento store before it’s too late.