Vulnerability identified in a few PrestaShop modules and themes – PrestaShop Weblog

An attack against a few PrestaShop stores was reported to us. Thank you to the many professionals who contacted us about this security issue. The PrestaShop teams immediately launched an exhaustive search for the vulnerabilities exploited by the attack, and identified the cause.

We found that a few modules and themes were affected. These are no longer available for download from the PrestaShop Addons Marketplace, and the developers of these modules and themes have been notified.

Who’s at risk?

The vulnerabilities in question correspond to a number of files contained in certain versions of modules and themes. These files are found in the modules named “explorerpro”, “sampledatainstall” and “colorpictures”:

  • /modules/explorerpro/motion.php

  • /modules/sampledatainstall/sampledatainstall-ajax.php

  • /modules/colorpictures/ajax/add.php

If you find these files, then the affected theme or module is vulnerable.
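One way to run this check on a server, as an added example that is not part of the original advisory. The function names are hypothetical, the shop root is whatever directory holds your installation, and the script assumes that a copy bundled inside a theme keeps the module's own directory layout:

```shell
#!/bin/sh
# Added example: look for the files named in this advisory inside a
# PrestaShop installation. Function names are hypothetical.

# Module-relative paths, copied verbatim from the list above.
ADVISORY_FILES='explorerpro/motion.php
sampledatainstall/sampledatainstall-ajax.php
colorpictures/ajax/add.php'

# find_advisory_files SHOP_ROOT
# Prints every regular file under SHOP_ROOT whose path ends in one of the
# listed module-relative paths. Matching on the path suffix means a copy
# shipped inside a theme directory is reported as well as one under
# /modules (assumption: the bundled copy keeps the same layout).
find_advisory_files() {
    root=${1:?usage: find_advisory_files SHOP_ROOT}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    printf '%s\n' "$ADVISORY_FILES" | while IFS= read -r rel; do
        find "$root" -type f -path "*/$rel" -print
    done
}

# count_advisory_files SHOP_ROOT
# Prints the number of matches; 0 means none of the listed files exist.
count_advisory_files() {
    find_advisory_files "$1" | wc -l | tr -d ' '
}

# Usage from an interactive shell, after sourcing this file:
#   find_advisory_files /path/to/your/shop
```

Any path it prints belongs to a module or theme that needs the deactivate, delete or update step described in the next section.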

What to do?

If you are affected, the easiest way is to deactivate and then delete these modules if you do not need them. If you are still using these modules, an update to their latest version is required.

If these files are included in a theme, make sure you have the latest version installed on your online store. If necessary, contact the theme developer.

Finally, the service providers who usually work with you on your website are clearly the right people to talk to if you have any doubts: they will know what to do in order to protect your online store. You can also contact our help center and view our selection of partners.

Fortunately, most online stores created with PrestaShop use other themes or seem to work with up-to-date versions of these modules and aren’t at risk.

Once again, we want to thank those of you who reported this security issue. Let’s keep on improving the security of PrestaShop and its extensions, together.
