Magento Affiliate Plus Vulnerability - Please Update

While performing a security audit for a client, we happened to find a vulnerability in the Affiliate Plus extension. I believe a number of Magento store owners use this extension.

The vulnerability found was XSS; not a major one, but it can still be used by hackers to compromise end user/admin accounts too. We worked with the Magestore team to fix the vulnerability and a new patched version is out. Requesting everyone using the Affiliate Plus module to please fix it.

All the details about the vulnerability can be found on our blog: https://www.getastra.com/blog/magento-module-xss-affiliate-plus-update/

Hope it helps, please be sure to upgrade!

2 REPLIES

Re: Magento Affiliate Plus Vulnerability - Please Update

Thanks for this, man. I have also checked it on my affiliate extension at https://www.jorhna.com and we found the error; now my team is working on the patch. Thanks again for putting this out here for all of us to know.

Re: Magento Affiliate Plus Vulnerability - Please Update

Glad I could help. We try and put out the vulnerabilities we find in extensions so that others can benefit.