Magecart zero day attacks

Recently it was brought to light by security researcher Willem de Groot that attackers are making use of unpublished security flaws in about two dozen Magento extensions. The vulnerabilities in these extensions allow the attackers to gain full control over the targeted websites via Remote Code Execution (RCE).

Added checks

The Magereport team has released a check for six of these modules so far. These modules are MadeCache, AjaxProducts, AdvancedReports, Campaigner and Ves_VendorsCredit. If you use any of these modules head over to Magereport and scan your webshop to see if you’re vulnerable to these RCE attacks or not.


Expect more checks for the rest of the modules the coming week.