The Magento products affected were Magento CE prior to 18.104.22.168, and Magento EE prior to 22.214.171.124. The company’s updates, slugged SUPEE-7405, fixes 20 issues, two considered critical.
Of the remaining vulnerabilities four were rated as “high”, 10 as “medium” and four as “low”.
Magento noted that these vulnerabilities were not used in any known attacks.
Magento previously patched a zero-day vulnerability in October 2015 that could have been used by an attacker to access credentials and potentially gain complete control of the a user’s Magento database.