Magento's Security Team urged users to install the latest released security update to protect their stores from exploitation attempts trying to abuse a recently reported remote code execution (RCE) vulnerability.
The issue is impacting Magento Commerce 2.3.1 and Magento Commerce 2.3.2 were security-only patch 2.3.2-p2 was not installed, as well as unsupported versions of Page Builder, such as Page Builder Beta.
"Merchants running Magento Commerce 2.3.x should install the latest security update to help protect their stores from potential malicious attacks that could exploit a
vulnerability in preview methods," Magento said.
"This vulnerability could enable an unauthenticated user to insert a malicious payload into a merchant’s site and execute it, which is why we recommend installing this update."
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild