Magento Affiliate Plus Vulnerability - Please Update
While performing a security audit for a client, we happened to find a vulnerability in the Affiliate Plus extension. I believe a number of Magento store owners use this extension.
The vulnerability found was XSS, not a major one, but it can still be used by hackers to compromise end user/admin accounts too. We worked with the Magestore team to fix the vulnerability and a new patched version is out. Requesting everyone using the Affiliate Plus module to please fix it.
All the details about the vulnerability can be found on our blog: https://www.getastra.com/blog/magento-module-xss-affiliate-plus-update/
Hope it helps, please be sure to upgrade!
Re: Magento Affiliate Plus Vulnerability - Please Update
Thanks for this, man. I have also checked it on my affiliate extension at https://www.jorhna.com and we found the error; now my team is working on the patch. Thanks again for putting this out here for all of us to know.
Re: Magento Affiliate Plus Vulnerability - Please Update
Glad I could help. We try and put out the vulnerabilities we find in extensions so that others can benefit.