Security Center

Get the latest patches, security updates, and best practices for your Magento sites

New Security Update

Install critical updates for Magento 1.x and Magento 2.x versions

See the Details

NEW! Magento Security Scan Tool

Monitor your sites for security risks, update malware patches, and detect unauthorized access with Magento Security Scan, the latest FREE tool from Magento Commerce.

Go to Security Scan

< Security Center

Filter by topic

Patches
Magento 2.3.2, 2.2.9 and 2.1.18 Security Update 1/3
Jun 25, 2019

These versions contains multiple functional and security updates. Risk: Critical for Magento Commerce and Magento Open Source prior to 2.1.18, 2.2.9 and 2.3.2.

News
Magento Recommendations for PHP Vulnerabilities
Sep 13, 2019

On September 3, Multi-State Information Sharing and Analysis Center (MS-ISAC) has issued an alert related to multiple vulnerabilities that could allow for arbitrary code execution and a recommendation that all sites using PHP should update to the latest PHP version ASAP. Read on for impacts and steps for Magento Commerce sites.

Patches
Magento 2.3.2, 2.2.9 and 2.1.18 Security Update 3/3
Jun 25, 2019

Magento 2.3.2, 2.2.9, and 2.1.18 contain 75 critical security enhancements. These enhancements are described in three related blog posts — the post you’re currently reading plus these two separate posts, which you can find here: Part 1 and Part 2.

Patches
Magento 2.3.2, 2.2.9 and 2.1.18 Security Update 2/3
Jun 25, 2019

Magento 2.3.2, 2.2.9, and 2.1.18 contain 75 critical security enhancements. These enhancements are described in three related blog posts — the post you’re currently reading plus these two separate posts, which you can find here: Part 1 and Part 3.

Patches
SUPEE-11155
Jun 25, 2019

This patch contains several security updates. Risk: Critical for Magento Commerce prior to 1.14.4.2 and Open Source prior to 1.9.4.2.

Security Update for Potential Vulnerability in Magento Admin URL location
May 10, 2019

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. To best protect your store, Magento has released patches and recommends additional security steps to protect your store

News
Phishing alert: New phishing attempts for Magento customers
Apr 10, 2019

We are aware of reports that phishing attempts are impersonating Magento and are being used for targeted attacks. This misleading phishing email encourages users to click on a link that indicates all users are required to register for an alert platform. Please review this blog for more information.

Patches
SUPEE-11086
Mar 26, 2019

This patch contains several security updates. Risk: Critical for Magento Commerce prior to 1.14.4.1 and Open Source prior to 1.9.4.1.

Patches
Magento 2.3.1, 2.2.8 and 2.1.17 Security Update
Mar 26, 2019

These versions contains multiple functional and security updates. Risk: Critical for Magento Commerce and Magento Open Source prior to 2.1.17, 2.2.8 and 2.3.1.

News
Critical Vulnerability in Magestore Store Locator extension
Mar 8, 2019

A critical vulnerability exists in the Magestore Store Locator extension version 1.0.2 (and earlier versions) that could result in unauthorized access to sensitive information. Magento urges customers running this extension to immediately disable this extension or block requests. Read more.