Some of the affected websites appear to not have patched a code execution vulnerability nicknamed the Shoplift Bug Patch, Magento’s security team wrote in a blog post. A patch was released in February.
Other Magento-powered sites have not applied other patches, making them vulnerable.
The latest attack against Magento was highlighted by Malwarebytes and Sucuri, two security companies, who noticed attacks on the client and server sides.
Powered by WPeMatico