Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Magento Affiliate Plus Vulnerability - Please Update

‎04-19-2017 06:55 AM
‎04-19-2017 06:55 AM

Magento Affiliate Plus Vulnerability - Please Update

While performing a security audit for a client, we happen to find a vulnerability in Affiliate Plus extension. I believe, a number of Magento store owners use this extension.

 

The vulnerability found was XSS, not a major one but still can be used by hackers to compromise end users/admin account too. We worked with Magestore team to fix the vulnerability and a new patched version is out. Requesting everyone using the Affiliate Plus module to please fix it.

 

All the details about the vulnerability can be found on our blog: https://www.getastra.com/blog/magento-module-xss-affiliate-plus-update/

 

Hope it helps, please be sure to upgrade!

Reply
2 REPLIES 2
‎05-17-2017 12:11 AM
‎05-17-2017 12:11 AM

Re: Magento Affiliate Plus Vulnerability - Please Update

Thanks for this man. I also have checked it on my affiliate extension at https://www.jorhna.com and we found the error now my team is working on the patch. Thanks again for putting this out here for all of us to know.

Reply
‎05-17-2017 07:02 AM
‎05-17-2017 07:02 AM

Re: Magento Affiliate Plus Vulnerability - Please Update

Glad I could help. We try and put out the vulnerabilities we find in extensions so that others can benefit Smiley Happy

0 Kudos
Reply