Local Storage seems to be disabled in your browser.
For the best experience on our site, be sure to turn on Local Storage in your browser.

Build your own Magento store from $500/mo Check Now
My Cart
Email / Chat
Skype & Line
Search
Menu
Client Area

Security

Magento 2 Security related issues.

  1.  Tech Security

    CVE-2024-34102 Cosmic Sting Online Checker

    wubinworks team - March 09, 2025 55

    Check whether your Magento store is affected by CVE-2024-34102(a.k.a Cosmic Sting) with only a few clicks. You can also use it to check whether the applied patch works. Simply input your store's Base URL...

    Read more
  2. Security How to

    Why `\Magento\Framework\Xml\Security` is not secure? And how to bypass

    wubinworks team - December 19, 2024 61

    Class \Magento\Framework\Xml\Security in Magento 2 framework is intended to prevent XXE and its scan method can detect entities in XML input, by design. However, we found a way to bypass the scan method...

    Read more
  3. Security

    Magento 2 Rotate Encryption Key

    wubinworks team - December 07, 2024 158

    The encryption key in Magento is used to encrypt sensitive data such as API credentials, and most important thing, the Admin WebAPI Token is issued by this key. We need to rotate it if the key is leaked...

    Read more
  4. Security

    New Encryption Key format introduced on Magento 2.4.7

    wubinworks team - December 02, 2024 39

    Starting from Magento 2.4.7, the encryption key has a new format and the key length is increased to 256-bit. We will demonstrate the key generation process and after reading this blog, you should be able...

    Read more
  5. Security How to

    CVE-2024-34102(a.k.a CosmicSting) How to Defend

    wubinworks team - September 12, 2024 155

    How to fix CVE-2024-34102 -- a CVSS Score 9.8(Critical) and RCE possible vulnerability? Upgrade Magento to greater than 2.4.7-p1 is the best solution, but sometimes this could not be done in a few days...

    Read more
  6. Security How to

    CVE-2024-34102(a.k.a CosmicSting) How to Attack

    wubinworks team - September 10, 2024 162

    CVE-2024-34102(Now it can be chained with another bug to RCE) was discovered in 2023 and its details were published in June 2024. There already exists verified exploit script on the internet. By exploiting...

    Read more
Categories
Recent Posts
CVE-2024-34102 Cosmic Sting Online Checker
CVE-2024-34102 Cosmic Sting Online Checker
March 09, 2025
Correct Way To Detect Customer Login On Magento 2 Frontend With Full Page Cache
Correct Way To Detect Customer Login On Magento 2 Frontend With Full Page Cache
February 10, 2025
How to display a notice when customer selects certain Payment Method in Magento 2?
How to display a notice when customer selects certain Payment Method in Magento 2?
January 23, 2025
Customization for searching empty field in Magento 2 Admin Grid
Customization for searching empty field in Magento 2 Admin Grid
December 31, 2024
Why `\Magento\Framework\Xml\Security` is not secure? And how to bypass
Why `\Magento\Framework\Xml\Security` is not secure? And how to bypass
December 19, 2024
Archive
March 2025
February 2025
January 2025
December 2024
September 2024
August 2024
Tags
Magento 2 security CVE-2034-34102 Cosmic Sting Customization Development cve bug WebAPI How to XXE security tool CosmicSting cache encryption key Knockout.js Javascript Frontend performance fpc header x-magento-tags tags attack defend JWT Authentication key rotation token config.xml ModularConfigSource xml framework Admin Grid Filter UI Component Search Criteria SQL Checkout Payment Method Customer Login Check Customer Login Asynchronous Way CDN Full Page Cache ko.observable Cloudflare Fastly Cloudflare Free Plan online