Wubinworks Tech Blog

Check whether your Magento store is affected by CVE-2024-34102(a.k.a Cosmic Sting) with only a few clicks. You can also use it to check whether the applied patch works. Simply input your store's Base URL...

Sometimes we need to "detect"(check) the customer's login status and do something. For instance, display a coupon code to logged in customers only. Things become complicated when Full Page Cache(incl...

Magento supports multiple payment methods and you can even develop your own payment method. This is a big plus as store owners can fully control the last and the most important step of checkout process...

As illustrated in the concept image, we got a request from our client that he wants to use the built-in Admin Grid filter feature to search entries that has empty field. To be more specific in his situation...

Class \Magento\Framework\Xml\Security in Magento 2 framework is intended to prevent XXE and its scan method can detect entities in XML input, by design. However, we found a way to bypass the scan method...

Magento 2 uses "Scoped configuration" to adopt multiple stores setup. Configuration value has a fallback mechanism and the "default value" is stored in etc/config.xml. In most cases, we just make use...

The encryption key in Magento is used to encrypt sensitive data such as API credentials, and most important thing, the Admin WebAPI Token is issued by this key. We need to rotate it if the key is leaked...

How to fix CVE-2024-34102 -- a CVSS Score 9.8(Critical) and RCE possible vulnerability? Upgrade Magento to greater than 2.4.7-p1 is the best solution, but sometimes this could not be done in a few days...

CVE-2024-34102(Now it can be chained with another bug to RCE) was discovered in 2023 and its details were published in June 2024. There already exists verified exploit script on the internet. By exploiting...