Magento has just released a new Security patch, i.e. SUPEE-10266 on its official website. This newest security patch addresses some critical security vulnerabilities affecting Magento Commerce prior to 126.96.36.199 and Open Source prior to 188.8.131.52. These vulnerabilities cover unauthorized data leak, cross-site request forgery (CSRF), authenticated Admin user remote code execution and many others.
We highly recommend all Magento store owners to upgrade to the latest Magento versions (Magento Commerce 184.108.40.206 and Magento Open Source 220.127.116.11) to address these vulnerabilities. Those who do not want to upgrade to these versions of Magento must apply the SUPEE-10266 patch to fix these same vulnerabilities. This release also provides fixes for issues regarding image reloading and payments via one-step checkout.
We at Envision Ecommerce have always been keen about the security updates and consider it as utmost required for your store. In a case, you find it a nightmare for you to apply to your Magento 1 store, we are here to make you apply the new SUPEE-10266 patch as soon as possible. We have already installed several security patches for over 200+ stores, and successfully done such security upgrades for many Magento sites earlier. Go ahead and let our Magento certified developers to maintain your store security with zero downtime.
For more details about the SUPEE-10266 patch, you can visit Magento’s official website. (https://magento.com/security/patches/supee-10266)