SUPEE-10266 Released

SUPEE-10266, together with the corresponding Magento Commerce (Enterprise) and Open Source (Community) releases, contains multiple security fixes that close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also include fixes for issues with image reloading and payments using one-step checkout.

As always, install the patch in a development environment and test it there before applying it to your live site.
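One check worth running in that development environment before the patch is promoted: Magento 1 patch scripts record each apply (and each revert) in app/etc/applied.patches.list, so a script can confirm the patch is actually present rather than trusting that the install ran. The script below is an added example, not code from the original post or from Magento; the line layout of the sample list file is a constructed approximation of the real file, and the install path in the usage comment is an assumption for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check a Magento 1 install for a
# SUPEE patch by reading app/etc/applied.patches.list. Patch scripts append a
# line per apply and a line marked REVERTED per rollback, so the most recent
# entry for a patch name is the one that counts. The sample file below is
# constructed for this example; the exact column layout of a real file may differ.

# supee_applied <path-to-applied.patches.list> <patch-id>
# Returns 0 if the latest entry for the patch is an apply, 1 otherwise.
supee_applied() {
    list="$1"
    patch="$2"
    [ -f "$list" ] || return 1
    # Match the patch id as a whole field ("| SUPEE-10266 |") so that
    # SUPEE-1026 does not match SUPEE-10266.
    last=$(grep "| $patch |" "$list" | tail -n 1)
    [ -n "$last" ] || return 1
    case "$last" in
        *REVERTED*) return 1 ;;
        *)          return 0 ;;
    esac
}

# Constructed sample standing in for app/etc/applied.patches.list:
# SUPEE-10266 applied once; SUPEE-9767 applied and then reverted.
SAMPLE="${TMPDIR:-/tmp}/applied.patches.list.sample"
cat > "$SAMPLE" <<'EOF'
2017-06-20 09:01:12 UTC | SUPEE-9767 | CE_1.9.3.x | v2 | ... | SUPEE-9767_CE_1.9.3.x_v2.sh
2017-06-22 11:30:05 UTC | SUPEE-9767 | CE_1.9.3.x | v2 | REVERTED | ...
2017-09-21 14:22:41 UTC | SUPEE-10266 | CE_1.9.3.x | v1 | ... | SUPEE-10266_CE_1.9.3.x_v1.sh
EOF

# Usage against a real install (path is an assumption, adjust to your docroot):
#   supee_applied /var/www/magento/app/etc/applied.patches.list SUPEE-10266
for id in SUPEE-10266 SUPEE-9767; do
    if supee_applied "$SAMPLE" "$id"; then
        echo "$id: applied"
    else
        echo "$id: NOT applied (missing or reverted)"
    fi
done
```

Run it from the Magento root (or pass the full path) on the development box after applying the patch; a missing or REVERTED result means the install script did not complete, which is the case to investigate before touching production.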

If you need any assistance with security patch updates, please send an email to: [email protected] or contact your Account Manager at eBoundHost.

For your convenience, we have quoted some of the announcement from Magento’s Forum below.

13 Updates:

APPSEC-1838: RSS session admin cookie can be used to gain Magento administrator privileges.
APPSEC-1800: Remote Code Execution vulnerability in CMS and layouts
APPSEC-1835: Exposure of Magento secret key from app/etc/local.xml
APPSEC-1757: Directory traversal in template configuration
APPSEC-1852: CSRF + Stored Cross Site Scripting (customer group)
APPSEC-1494: AdminNotification Stored XSS
APPSEC-1793: Potential file uploads solely protected by .htaccess
APPSEC-1853: CSRF + Stored Cross Site Scripting in newsletter template
APPSEC-1729: XSS in admin order view using order status label in Magento
APPSEC-1579: Customer Segment Delete Action uses GET instead of POST request
APPSEC-1588: Order Item Custom Option Disclosure
APPSEC-1599: Admin login does not handle autocomplete feature correctly
APPSEC-1688: Secure cookie check to prevent MITM not expiring user sessions

Before deploying to production, confirm in the development environment that the patch applied cleanly and that the areas it touches, including Admin functions, image handling and one-step checkout payments, still work as expected.

Visit the official Magento site for more details, or continue to learn more about best-practices for securing your Magento store.

About The Author
Tom Puchalski
Director of Magento Success

Tom is the Director of Magento Success for JetRails. For over 20 years, he has been passionate about learning new technologies. He has spent his career analyzing thousands of e-commerce stores and transforming businesses through extensive research, insights, best practices & partnerships. He brings his expertise to JetRails by helping customers grow and drive Magento success. At the end of the day, Tom believes ecommerce is about people not just servers.
