Webgility Security Vulnerability Update

Webgility provides a module/extension for our Magento customers that enables communication with our core product, Unify. A security vulnerability was discovered in this module on October 16th, 2018 that can be exploited maliciously to access sensitive Magento store data. We urge all Webgility customers who connect to Magento to upgrade their Webgility store extension to version 346.

We released version 345 of the updated module with a security patch for Magento on November 5th, 2018. Another vulnerability was discovered, so we released version 346 on November 22nd.

Multiple emails were sent to all affected customers with details on this upgrade. If you have already upgraded to version 346, no further action is needed.

Webgility has also automatically upgraded the extension for customers where possible; however, several hundred customers need to perform the upgrade themselves.

For detailed instructions on the upgrade process, please refer to this help video.

Our support staff is available if you have any questions or need help with the upgrade: support@webgiity.com, 877.753.5373 ext. 3.

We will keep this thread updated regularly with any other updates related to this patch.

Thank you,

Kinnar Vora (VP Engineering, Webgility)