Magento Critical Vulnerability
|Issue:||Magento has discovered a code-execution hole in both the community and enterprise editions.|
|Status:||Update has been released.|
|Who is impacted?||Community and Enterprise editions of Magento.|
Why was this update released?
The web security firms Incapsula and Sucuri have discovered that malicious users are exploiting the bug to create new admin accounts inside the Magento databases. Sucuri reports that the extra admin accounts are being accessed later to steal customer information from the database.
You can read more from the Sucuri blog.
What should I do?
WordPress strongly encourages you to update your sites immediately. Look for the SUPEE-5344 download link to patch your site.