The remote code execution (RCE) vulnerability, or “shoplift” bug, was reported to us by Check Point Software Technologies in late January 2015. It affects both Magento Enterprise Edition and Magento Community Edition and allows attackers to obtain control over a store and its sensitive data, including personal customer information. Magento issued a patch for this issue on February 9, 2015.
To check your site for vulnerabilities, look for signs of a compromised site, and follow direct links to download the patches, please visit: http://magento.com/security-patch
While a large number of merchants have successfully downloaded the patch, many still have not done so. Please act now to ensure that your Magento store is secure!