Only a couple of days ago, the news portal threatpost.com published an article on Magento being vulnerable to a zero-day remote code execution, putting about 200,000 online retailers at risk. The security gap had already been discovered by security firm DefenseCode in November 2016.
“During the security audit of Magento Community Edition, a high risk vulnerability was discovered that could lead to remote code execution and thus the complete system compromise including the database containing sensitive customer information such as stored credit card numbers and other payment information,” DefenseCode wrote in a technical description of its discovery (PDF) last week.
Magento confirmed the existence of the flaw in a brief statement to Threatpost and said it was investigating.
In addition to the security gap that has apparently been ignored for months, merchants using Magento are facing another risk. Roughly one year from now Magento will discontinue any support for their 1.x platform, essentially forcing Magento merchants to upgrade to Magento 2.
Not a normal Update
This introduces a number of threats. Structural differences between Magento versions 1.x and 2 make upgrading extremely complicated and expensive. This is not a normal update by any means – even Magento estimates that the update requires 20% more resources than standard, leading to increased demands for developers and a noticeable strain on an entire business.
In the age of eCommerce disruption, there’s no better time than now to consider migrating to a new platform.
You need an innovative solution that can be trusted as the technological backbone of your business. With Shopware, any platform uncertainty becomes sustainable growth. Make the most of your business and escape the Magento trap!