Vulnerable modules

eComscan will find and report known insecure modules. A team of security researchers maintains a database of vulnerable version numbers. 

You may have disabled or renamed a vulnerable module, but still get an alert. This is intended, because sometimes insecure modules still pose a threat, even when they are marked as “disabled”. 

You may have manually patched a vulnerability, for example when no official fix or update is available. To stop eComscan from reporting this module, you should add -patch to the version number (for Magento 1, this is under Vendor/Module/etc/config.xml).

This page was last updated at May 14th, 2020

Need expert advice?

We are here to help!

Get in touch