Magesolution Security Update: Patches for Supply Chain Vulnerability

At Magesolution, the security of our customers’ stores is our highest priority. In the spirit of transparency, we are writing to inform you about a recent security issue and the immediate steps we have taken to resolve it.

A recent report from security researchers at Sansec, detailed by BleepingComputer on May 1, 2025, brought to light a coordinated supply chain attack affecting multiple Magento extension vendors. We have confirmed that certain older versions of Magesolution modules were impacted by this vulnerability.

We have taken this report with the utmost seriousness, conducted a thorough investigation, and have already released patches for all affected modules. This post provides all the necessary information for you to secure your store.

What Happened?

The supply chain attack involved a malicious backdoor being inserted into a license validation file within certain third-party Magento extensions. According to reports, this code may have been dormant for a long period before being activated recently.

Upon learning of this, our security team immediately launched an investigation to determine which of our products were affected. We want to be clear: this vulnerability was not due to a flaw in the Magento core platform but was injected into specific files within the extension packages of several vendors, including Magesolution.

Affected Modules and Patched Versions

Our investigation has confirmed the vulnerability was present in older versions of the following modules. We have released new, secure versions for each one.

If you are using a version of these modules older than the one listed below, you must update immediately.

  • MGS_AdvancedReports: Patched in version 2.0.1
  • MGS_AjaxCart: Patched in version 2.0.1
  • MGS_Ajaxscroll: Patched in version 1.0.1
  • MGS_Blog: Patched in version 2.0.2
  • MGS_DeliveryTime: Patched in version 2.2.4
  • MGS_GDPR: Patched in version 1.0.1
  • MGS_GoogleRecaptcha: Patched in version 1.0.1
  • MGS_GoogleRichSnippets: Patched in version 1.0.1
  • MGS_Lookbook: Patched in version 1.0.1
  • MGS_Protabs: Patched in version 1.0.1

Immediate Actions: How to Secure Your Store

Please follow these steps to ensure your e-commerce store is protected.

1. Check Your Module Versions: Check the versions of all installed MGS modules. You can typically find this information in your Magento Admin Panel under Stores > Configuration > MGS Extensions, or by checking the composer.json or etc/module.xml file for each module.

2. Download the Secure Version: Log in to your account on the Magesolution website. Then, go to the “My Downloadable Products” section to find the latest, secure version of your purchased modules.

3. Update Your Modules: Carefully follow standard Magento procedures to update the extensions on your site. We strongly recommend creating a backup of your site before proceeding. Then run the upgrade command:

   php -d memory_limit=-1 bin/magento setup:upgrade

4. Clear Your Cache: After the update is complete, flush your Magento cache via the Admin Panel or command line (php bin/magento cache:flush) to ensure the changes take effect.
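
The version check from step 1 can be run across every MGS module at once. The script below is an added example, not Magesolution's own tooling: it compares installed versions against the patched versions listed above, and it assumes the modules live under app/code/MGS/<Module>/ with the version recorded in composer.json ("version") or in the setup_version attribute of etc/module.xml.

```python
import json
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Patched versions, copied from the advisory's list above.
PATCHED = {
    "MGS_AdvancedReports": "2.0.1", "MGS_AjaxCart": "2.0.1",
    "MGS_Ajaxscroll": "1.0.1", "MGS_Blog": "2.0.2",
    "MGS_DeliveryTime": "2.2.4", "MGS_GDPR": "1.0.1",
    "MGS_GoogleRecaptcha": "1.0.1", "MGS_GoogleRichSnippets": "1.0.1",
    "MGS_Lookbook": "1.0.1", "MGS_Protabs": "1.0.1",
}

def vkey(version):
    """'2.0.10' -> (2, 0, 10) so versions compare numerically, not as text."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())

def read_module(module_xml):
    """Return (module name, version or None) for one etc/module.xml file."""
    node = ET.parse(module_xml).getroot().find("module")
    if node is None:
        return None, None
    version = node.get("setup_version")
    composer = module_xml.parent.parent / "composer.json"
    if composer.is_file():  # prefer the package version when it is declared
        version = json.loads(composer.read_text()).get("version") or version
    return node.get("name"), version

def audit(magento_root):
    """Status per affected module; the app/code/MGS layout is an assumption."""
    report = {}
    for module_xml in sorted(Path(magento_root).glob("app/code/MGS/*/etc/module.xml")):
        name, version = read_module(module_xml)
        if name not in PATCHED:
            continue
        if not version or not vkey(version):
            report[name] = ("unknown", version, PATCHED[name])
        elif vkey(version) < vkey(PATCHED[name]):
            report[name] = ("UPDATE", version, PATCHED[name])
        else:
            report[name] = ("ok", version, PATCHED[name])
    return report

if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, (status, found, patched) in results.items():
        print(f"{name}: installed={found} patched={patched} -> {status}")
    sys.exit(1 if any(s != "ok" for s, _, _ in results.values()) else 0)
```

Pass the Magento root directory as the first argument; the exit code is non-zero when any listed module is below its patched version or its version cannot be read. Modules installed elsewhere (for example under vendor/) are not covered by this sketch.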

If you are unsure how to perform these steps or require assistance, please do not hesitate to contact our support team.

Our Commitment to Future Security

Customer trust is the bedrock of our business, and this incident has reinforced our resolve to strengthen our security posture. Moving forward, we are committed to:

  • Comprehensive Code Audits: We are initiating a complete, line-by-line security audit of our entire portfolio of Magento extensions.
  • Enhanced Development Protocols: We are reinforcing our internal development and deployment pipelines with stricter security checks and access controls to prevent unauthorized modifications.
  • Third-Party Security Collaboration: We are engaging with third-party cybersecurity experts to review our processes and validate the security of our products.
  • Proactive Monitoring: We are implementing advanced monitoring tools to detect and respond to suspicious activity more rapidly.

Our Sincere Apology and Support

We sincerely apologize for any concern or disruption this situation may have caused. We understand that the security of your online business is critical, and we regret that this vulnerability affected our products.

Our team is on standby to assist you through this update process. Please reach out to our Customer Support Portal with any questions or concerns.

Thank you for your understanding and continued partnership.

Sincerely,

The Magesolution Team