
    SUPEE-10266 Released

    SUPEE-10266, Magento Commerce (Enterprise) 1.14.3.6 and Open Source (Community) 1.9.3.6 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also include fixes for issues with image reloading and payments using one-step checkout.

    As always, install the patch in a development environment and test before applying it to your live site.

    If you need any assistance with security patch updates, please send an email to: [email protected] or contact your Account Manager at eBoundHost.

    For your convenience, we have quoted some of the announcement from Magento’s Forum below.

    13 Updates:

    APPSEC-1838: RSS session admin cookie can be used to gain Magento administrator privileges
    APPSEC-1800: Remote Code Execution vulnerability in CMS and layouts
    APPSEC-1835: Exposure of Magento secret key from app/etc/local.xml
    APPSEC-1757: Directory traversal in template configuration
    APPSEC-1852: CSRF + Stored Cross Site Scripting (customer group)
    APPSEC-1494: AdminNotification Stored XSS
    APPSEC-1793: Potential file uploads solely protected by .htaccess
    APPSEC-1853: CSRF + Stored Cross Site Scripting in newsletter template
    APPSEC-1729: XSS in admin order view using order status label in Magento
    APPSEC-1579: Customer Segment Delete Action uses GET instead of POST request
    APPSEC-1588: Order Item Custom Option Disclosure
    APPSEC-1599: Admin login does not handle autocomplete feature correctly
    APPSEC-1688: Secure cookie check to prevent MITM not expiring user sessions

    Be sure to implement and test the patch in a development environment first to confirm that it works as expected before deploying it to a production site.
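    Before and after testing, it helps to confirm what the Magento 1 patch script actually recorded. The following POSIX shell check is an added example, not code from the post or from Magento: it reads an app/etc/applied.patches.list and reports whether SUPEE-10266 is applied, reverted, or absent. It assumes the list is one pipe-separated line per patch run, with the patch ID in the second field and the word REVERTED in a later field when the patch was rolled back; the sample list below is constructed for this example.

```shell
#!/bin/sh
# Added example: report the recorded state of a SUPEE patch in a Magento 1
# app/etc/applied.patches.list. Assumed line format (one line per patch run):
#   <timestamp> | <PATCH-ID> | <edition_version> | <patch version> | ... [REVERTED] ...

# Constructed sample of app/etc/applied.patches.list for this example.
SAMPLE_LIST="$(mktemp)"
trap 'rm -f "$SAMPLE_LIST"' EXIT
cat >"$SAMPLE_LIST" <<'EOF'
2017-06-20 09:12:41 UTC | SUPEE-9767 | CE_1.9.3.3 | v2 | example-sha | example-branch |
2017-09-15 14:03:10 UTC | SUPEE-10266 | CE_1.9.3.6 | v1 | example-sha | example-branch |
2017-09-15 14:20:55 UTC | SUPEE-9999 | CE_1.9.3.6 | v1 | REVERTED | example-branch |
EOF

# patch_state LISTFILE PATCH-ID
# Prints "applied", "reverted" or "missing". The most recent line mentioning
# the patch wins, so an apply followed by a revert reports "reverted".
patch_state() {
    list="$1"
    id="$2"
    if [ ! -r "$list" ]; then
        echo "missing"
        return 0
    fi
    last="$(grep "| $id |" "$list" | tail -n 1)"
    if [ -z "$last" ]; then
        echo "missing"
    elif echo "$last" | grep -q "REVERTED"; then
        echo "reverted"
    else
        echo "applied"
    fi
}

# Usage on a real install: patch_state /path/to/magento/app/etc/applied.patches.list SUPEE-10266
patch_state "$SAMPLE_LIST" SUPEE-10266
```

A "missing" result on a host that was supposedly patched is the signal to re-run the patch script in the development environment and compare the two lists before touching production.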

    Visit the official Magento site for more details, or continue to learn more about best-practices for securing your Magento store.

    About The Author
    Tom Puchalski
    Director of Magento Success

    Tom is the Director of Magento Success for JetRails. For over 20 years, he has been passionate about learning new technologies. He has spent his career analyzing thousands of e-commerce stores and transforming businesses through extensive research, insights, best practices and partnerships. He brings his expertise to JetRails by helping customers grow and drive Magento success. At the end of the day, Tom believes e-commerce is about people, not just servers.
