December 12, 2013

New Magento Vulnerability Targets WYSIWYG Editor: Patch Details Here

A patch has been released to fix a remote code execution vulnerability in some versions of Magento.

The recently discovered remote code execution vulnerability may allow an attacker with administrative privileges to delete files and folders from a Magento installation through an exploit in the WYSIWYG editor. Magento Enterprise Edition stores from versions through to version, and Magento Community Edition stores between and are at risk and should apply the patch detailed below. The vulnerability has been fixed in the latest Magento releases, and those operating Magento stores outside the above ranges will not require a patch.

Magento site owners can implement the necessary patch by doing the following:

  1. SSH to your server and navigate to your Magento base directory
  2. Execute the following commands:


The vulnerability was discovered during Magento’s quarterly penetration testing, with no reports of exploitation in the wild, but all Magento store owners should apply the patch as soon as possible to ensure that their stores remain secure.
