On 14th September 2017, Magento released a critical security patch; SUPEE-10266.

SUPEE-10266, Magento Commerce (formerly known as Enterprise Edition) and Magento Open Source (formerly known as Community Edition) contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorised data leak, and authenticated admin user remote code execution vulnerabilities. These releases also include fixes for issues with image reloading and payments using one-step checkout.

This patch also included Magento 2 versions for Magento Commerce (Enterprise Edition) and Open Source (Community Edition) 2.0.16 and 2.1.9

The Magento 2 version updates also include support for the changes to the USPS shipping rates that the USPS introduced on September 1, 2017.

Although none of these exploits have a known attack where they have been utilised, they have all been patched in this security update.

If you require any further information regarding this patch update, or assistance with installing – please get in touch with one of our team on 0113 833 0411 or drop us an email.