Bleeping Computer

Magento plugin Magmi vulnerable to hijacking admin sessions

A cross-site request forgery (CSRF) vulnerability continues to be present in the Magmi plugin for Magento online stores, despite developers receiving a report from researchers that discovered it.
Threat Post

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites. Researchers have disclosed two flaws that could enable remote code execution attacks ...
Graham Cluley

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

ZDNet reports that the FBI has issued a “flash alert” warning that hackers are planting Magecart-style payment card-skimming code on Magento-powered online stores running an out-of-date plugin.
cio.economictimes.indiatimes

Artificial Intelligence platform, Boxx.ai Launches Magento Plugin

Bangalore- Boxx.ai, Bangalore-based AI for e-commerce has launched a Magento plugin to help its expanding user base in integrating quickly and effectively with its services. Using the plugin ...
Ars Technica

Mass exploit of WordPress plugin backdoors sites running Joomla, Magento, too

As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security ...