
Critical Vulnerability in Magestore Store Locator and Store Pickup Magento 2 Extensions

March 19, 2019
Magento Security
Robert Rand
Director of Partnerships & Alliances

Robert is a Magento 1 & 2 Solution Specialist with over a decade of experience in helping merchants benefit from sound E-commerce and Digital Marketing strategies. He’s highly experienced at harnessing the power of E-commerce technologies and solutions to help businesses of all types and sizes grow and succeed and has earned numerous distinctions and accolades from his work with merchants and partner organizations.

Magestore has been a Magento extension development team for over 10 years. A critical vulnerability has been discovered in two of their more popular Magento 2 extensions: Store Locator and Store Pickup. Keep in mind that if you’re using a Magestore POS or Omnichannel solution, you may be leveraging one of these extensions on your website.

Magestore has made a patch available to address this critical vulnerability: https://blog.magestore.com/store-locator-extension-patch/

If you have either extension installed and are not using it, we advise you to disable the extension immediately. It is a best practice to disable any extension that you’re not actively using, since this minimizes both site maintenance and security threats. Keep in mind that, much like Magento itself, extension developers put out updates and patches from time to time, so auditing and updating your Magento extensions as part of your overall site-maintenance schedule is highly recommended.

If you have this extension installed and intend to keep using it, we recommend deploying this patch as soon as possible. Please be sure to adhere to your normal deployment best practices, which should include testing the patch in a staging environment.

It is also important to check for signs that this vulnerability was already exploited on your website. This can include tasks such as auditing your site for admin user accounts that were created without your knowledge and checking for suspicious database queries.
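One way to carry out the admin-account audit described above, as an added example that is not code from JetRails or Magestore: it compares an export of Magento 2's `admin_user` table against the accounts you know you created. The sample rows, the `KNOWN_ADMINS` baseline and the `REVIEW_FROM` date are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample: CSV export of Magento 2's admin_user table, e.g. from
#   SELECT user_id, username, email, created, logdate, is_active FROM admin_user;
SAMPLE_EXPORT = """user_id,username,email,created,logdate,is_active
1,owner,owner@example.com,2017-05-02 10:14:00,2019-03-18 09:01:22,1
2,dev_agency,dev@example.net,2018-01-15 16:40:10,2019-03-12 13:20:05,1
7,sysadm1n,tmp4821@example.net,2019-03-09 03:12:44,NULL,1
8,support,help@example.org,2019-03-11 02:55:01,2019-03-11 02:56:30,0
"""

# Assumption: username -> email for the accounts your team knows it created.
KNOWN_ADMINS = {"owner": "owner@example.com", "dev_agency": "dev@example.com"}

# Assumption: start of the period to review, e.g. the date the extension was installed.
REVIEW_FROM = datetime(2019, 1, 1)


def audit_admin_users(export_text, known_admins, review_from):
    """Return [(username, [reasons])] for accounts that need manual review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        username = row["username"].strip()
        created = datetime.strptime(row["created"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if username not in known_admins:
            reasons.append("unknown account")
        elif row["email"].strip().lower() != known_admins[username].lower():
            # A changed e-mail on a known account can redirect password resets.
            reasons.append("email differs from baseline")
        if created >= review_from:
            reasons.append("created inside review window")
        if row["logdate"] in ("", "NULL") and row["is_active"] == "1":
            reasons.append("active but never logged in")
        if reasons:
            findings.append((username, reasons))
    return findings


if __name__ == "__main__":
    for name, why in audit_admin_users(SAMPLE_EXPORT, KNOWN_ADMINS, REVIEW_FROM):
        print(f"REVIEW {name}: {', '.join(why)}")
```

Any account it reports still needs a human decision; disabled accounts are listed too, since an account that was created and later deactivated is still evidence worth reviewing.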

Background on Magestore and their extensions:

Magestore has been one of the more popular Magento extension development teams for many years, offering a wide variety of paid extensions. More recently, they have switched their focus from offering many one-off extensions to offering a Point of Sale (POS) solution for Magento stores.

Magestore is still offering 3 extensions in the Magento Marketplace (their Banner Slider, Facebook Login, and Vietnamese Language Pack extensions). These extensions are being offered for free, but reviews are mixed. Magestore is, however, still recognized as a Magento Premier Extension Builder.

[Image: Magestore Magento Marketplace Extensions, March 2019]

Magestore is no longer offering their old catalog of extensions for sale. They do not appear to be offering any extensions for purchase outside of their bundled Omnichannel / POS solution:

[Image: Magestore Magento 2 Store Locator No Longer Being Sold]

[Image: Magestore Magento 2 Store Pickup part of Magestore POS]

Additionally, if you still own any Magestore extensions, be aware that Magestore is not putting out any feature updates, nor are they offering any customization or other services related to their old extensions.

[Image: Magestore ends support for their Magento Extensions]

If you own any Magestore extensions, you’ll want to keep this in mind. If, for instance, you’re upgrading between Magento versions (say, from 2.1 to 2.3) and you have compatibility issues, you won’t be able to rely on Magestore’s support for assistance. That means there may be cases where it makes sense to replace a Magestore extension rather than debug it.


Recommended Resources:

– If you’re still worried about the safety and security of your Magento website, we recommend taking advantage of the Free Magento Security Assessment offered by the JetRails team.

– Additionally, a Web Application Firewall (WAF), such as the one provided by Cloudflare, can provide an additional layer of security for your website. JetRails has created free Cloudflare Extensions for Magento 1 & 2 to help you more easily manage Cloudflare right from your Magento admin.
