Bleeping Computer

Magento plugin Magmi vulnerable to hijacking admin sessions

A cross-site request forgery (CSRF) vulnerability continues to be present in the Magmi plugin for Magento online stores, despite developers receiving a report from researchers that discovered it.
Threat Post

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites. Researchers have disclosed two flaws that could enable remote code execution attacks ...
ZDNet

FBI warns about attacks on Magento online stores via old plugin vulnerability

The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers' payment card data. This ...
Graham Cluley

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

ZDNet reports that the FBI has issued a “flash alert” warning that hackers are planting Magecart-style payment card-skimming code on Magento-powered online stores running an out-of-date plugin.
Ars Technica

Mass exploit of WordPress plugin backdoors sites running Joomla, Magento, too

As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security ...
Searchenginejournal.com

Making the Most of Magento #SEO Among Multiple URLs

Editor Note: The author has no affiliation with any of the plugins mentioned, but did solicit plugin recommendations from the Magento community, which allowed some developers to recommend their own ...