Attackers are using a vulnerability in a popular dependency used by modules to take control of PrestaShop sites. Last week we were informed of a safety issue affecting most versions of PrestaShop. Like any process of solving safety problems, it takes time to gather all information from our current clients but now we are happy to share with you all the necessary steps that could be done to avoid any problems in the future.
Although the security issues mainly affect the latest 1.7 versions of PrestaShop, it appears that all versions might be concerned.
Several modules have already been identified as vulnerable:
1-Click Upgrade (autoupgrade): versions 4.0 beta and later
Cart Abandonment Pro (pscartabandonmentpro): versions 2.0.1~2.0.2
Faceted Search (ps_facetedsearch): versions 2.2.1~3.0.0
Merchant Expertise (gamification): versions 2.1.0 and later
PrestaShop Checkout (ps_checkout): versions 1.0.8~1.0.9
What does it mean to your business?
Failure to review and fix it will allow hackers to reach your server, see and/or delete data from your eShop.
How to protect your online store?
The security of online shops is our top priority and we’re doing our best to help PrestaShop merchants to solve these issues. Here are the two main steps that we recommend to follow if your eShop might have been affected:
Step 1# Initial security investigation
Our experienced developer will investigate your online store to check if there are any security gaps. After the investigation is finished, our team will inform you about any malware files your online store might have.
Step 2# Complete security audit. Phase I (Only possible if your shop has a back-up file).
If your eShop was compromised, during the audit certified PrestaShop developers will perform a code analysis depending on the store’s back-up file. This process will help us to identify the extent of the security issue.
Step 3# Complete security audit. Phase II
Depending on the extent of the eShop damage, we will continue investigation and provide you with the final report with solutions for successful online store operation in the near future.
It is important to understand that the security issues shouldn’t be taken lightly and it’s important to act soon.
If you want to have a professional look into your online store to see if it has been affected by the malware write us a message to [email protected]