Magento issues fixes for 20 vulnerabilities, two rated critical
Magento pushed out patches for 20 known vulnerabilities.
The Magento products affected were Magento CE prior to 184.108.40.206, and Magento EE prior to 220.127.116.11. The company's updates, slugged SUPEE-7405, fixes 20 issues, two considered critical.
Of the remaining vulnerabilities four were rated as “high”, 10 as “medium” and four as “low”.
Magento noted that these vulnerabilities were not used in any known attacks.
Magento previously patched a zero-day vulnerability in October 2015 that could have been used by an attacker to access credentials and potentially gain complete control of the a user's Magento database.