---
title: "Security Alert &#8211; 4/30/2015 &#8211; Magento code execution vulnerability"
description: "Magento Critical Vulnerability Issue: Magento has discovered a code-execution hole in both the community and enterprise editions. Status: Update has been released. Who is impacted?Community and..."
url: https://www.inmotionhosting.com/support/edu/magento/security-alert-4-30-15-magento/
date: 2015-04-30
modified: 2015-04-30
author: "Scott Mitchell"
categories: ["Magento", "Security"]
type: post
lang: en
---

# Security Alert &#8211; 4/30/2015 &#8211; Magento code execution vulnerability

## Magento Critical Vulnerability

| Issue: | Magento has discovered a code-execution hole in both the community and enterprise editions. |
| --- | --- |
| Status: | Update has been released. |
| Who is impacted? | Community and Enterprise editions of Magento. |

## Why was this update released?

The web security firms Incapsula and Sucuri have discovered that malicious users are exploiting the bug to create new admin accounts inside the Magento databases. Sucuri reports that the extra admin accounts are being accessed later to steal customer information from the database.

You can read more from the [Sucuri blog](https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html).

## What should I do?

WordPress strongly encourages you to [update](https://www.magentocommerce.com/products/downloads/magento/) your sites immediately. Look for the **SUPEE-5344** download link to patch your site.
