Magento Security Patch SUPEE-10888



SUPEE-10888 is the newest security patch for Magento Commerce and Open Source Introduced on September 10, 2018, SUPEE-10888 provides multiple resolutions for various security vulnerabilities and performance issues detected within the earlier versions of the Magento platform.


The Magento Security Patch SUPEE-10888 is accessible for merchants using the following Magento editions:


  • Magento Commerce merchants should download the SUPEE-10888 Security Patch or install Magento Commerce


Magento ongoing support professionals recommend that Magento Open Source merchants download the SUPEE-10888 Security Patch or go directly to install Magento Open Source


The Magento managed support experts at top Magento agency Forix advise downloading and installing the SUPEE-10888 security patch for your Magento Commerce or Magento Open Source platform.


Security Resolutions


With the installation assistance of Magento ongoing support from top Magento developer Forix, you can obtain the benefits of all the following security protections that are embedded in the SUPEE-10888 security patch.


APPSEC-2061: Unconfirmed Information Breach Through Layout Injection


This security risks allows an administrator with limited authority to get days he or she does not have the permissions to access. This problem affected all Magento Open Source editions before, in addition to all Magento Commerce editions before


APPSEC-1971: Reflective XSS Against Admin Grid Panel


As cross-site scripting security problem, this risk permits the employment of arbitrary JS on the admin sales grid with the use of URL restrictions.


APPSEC-1859: Reset Password URL Includes Consumer ID


This information security threat gives a hacker the chance to obtain a consumer’s ID in a customer’s reset password link for his or her account. After learning a customer’s ID, the hacker can move to breach the user’s account and access classified information.


APPSEC-2067: Admin to Admin Cross-Site Scripting in Custom Attribute Labels


This security hazard can enable an administrator with limited permissions to employ a cross-site scripting attack on another administrator account.


PPSEC-2060: Overwrite Mass Reviews


This issue can potentially allow large amounts of reviews, information, and data to be overwritten with the use of specific configurations.


APPSEC-1936: Customer Data Accessible Within the Database


This security risk can permit an attacker to utilize a brute force attack with the hope of configuring the global/secret/key, located in the platform’s app/local database. That is where an attacker can then obtain the files containing the consumer’s days and decrypt to acquire the Magento user’s password from the sales quote table.


Performance Advancements


Alongside the various types of security corrections, you can also access the perks of several performance advancements after installing the Magento security patch SUPEE-10888 with the aid of Magento ongoing support from top Magento agency Forix. A few of these performance enhancements include:


APPSEC-2002: Automated Email After a New Admin Account Is Made


This new feature assists admins in distinguishing new administrator accounts by sending an email alert whenever a new administrator account is established.


APPSEC-1730: Doesn’t Force HTTPS Usage


This solution assures that downloaders are only able to use HTTPS connections.


The Magento managed support team at Forix can help you install and test Magento security patch SUPEE-10888 in a development atmosphere first to ensure that is working effectively.