Get started in 5 minutes!

Magento core vulnerabilities

Adobe frequently releases security patches, addressing important vulnerabilities in Magento. Most vulnerabilities are of the “XSS/CSRF” type. These may enable an attacker to intercept administrator sessions. More rarely, “unauthorized RCE/SQLi” bugs are discovered, which are typically more dangerous as they hand full control of your store to a third party.

eComscan will alert when you are running an outdated and vulnerable core installation.

See our secure release/hotfix matrix to determine which patches or upgrades you need.

Sansec strongly recommends to install these security patches as soon as possible. In the past, published vulnerabilities have been massively exploited within days of publication.

An overview of the most recent critical patch releases for Magento 2:

More information


Installed all relevant patches and eComscan still reports an issue?

  • In some cases, the old (vulnerable) code is cached and still active, so you should ensure to flush all your caches.
  • In some cases, your account contains multiple installations (perhaps by accident) and not all of them have been upgraded.

This page was last updated at Dec 14th, 2022

Need expert advice?

We are here to help!

Get in touch