Update! Update! Update!
Yesterday Magento released a SQL vulnerability alert.
It has been noted that the following third-party extensions/plug-ins are vulnerable:
- EM (Extreme Magento) Ajaxcart
- EM (Extreme Magento) Quickshop
- MD Quickview
- SmartWave QuickView
It is recommended that all third-party extensions/plug-ins implemented are reviewed and updated. It is also recommended that all Magento administration user accounts are reviewed to ensure that there are no unauthorised user accounts.
Additional protection against SQL attacks and other malicious activity can be gained by implementing a Web Application Firewall.
We’ve received reports that the SQL injection vulnerability is potentially being exploited. If you currently use these extensions or themes, you should immediately reach out to the company from which you purchased the extensions or themes to request updated code.