
Security Update for J2Store

Security has always been a priority at J2Store, and we work to keep all our products safe from exploits. Today, a security analyst reported a vulnerability that may lead to a SQL injection attack.

The issue is caused by an array of integers that was not escaped, and it only affects sites that use product options. J2Store versions 3.x to 3.3.6 are affected.

Therefore we released an update - J2Store 3.3.7 - addressing the issue.
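
The class of bug described above (an array of integer IDs reaching a query without escaping), shown beside a hardened form. This is an added example, not J2Store's code: the table, column and function names are hypothetical, and it goes slightly beyond the advisory by binding the values as placeholders in addition to validating them.

```php
<?php
// Added example: table and column names are hypothetical, not J2Store's schema.

/** Vulnerable pattern: request values are joined into IN (...) as-is. */
function buildOptionQueryUnsafe(array $optionIds): string
{
    return 'SELECT * FROM product_options WHERE option_id IN ('
        . implode(',', $optionIds) . ')';
}

/**
 * Hardened pattern: every element must be a non-negative integer,
 * otherwise the whole request is rejected. Placeholders keep the
 * values out of the SQL text entirely.
 *
 * @return array{0: string, 1: int[]} SQL with placeholders, and bound values
 */
function buildOptionQuerySafe(array $optionIds): array
{
    $clean = [];
    foreach ($optionIds as $id) {
        // FILTER_VALIDATE_INT rejects "17 abc" and empty strings;
        // nested arrays and objects are rejected by the is_scalar check.
        $value = is_scalar($id)
            ? filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]])
            : false;
        if ($value === false) {
            throw new InvalidArgumentException('Option id is not an integer');
        }
        $clean[] = $value;
    }
    if ($clean === []) {
        throw new InvalidArgumentException('No option ids supplied');
    }
    $placeholders = implode(',', array_fill(0, count($clean), '?'));
    return ["SELECT * FROM product_options WHERE option_id IN ($placeholders)", $clean];
}

// Constructed sample input, as it might arrive from a product form.
$good = ['3', '17', 42];
$bad  = ['3', '17 abc'];

echo buildOptionQueryUnsafe($bad), PHP_EOL; // non-integer text reaches the SQL string
[$sql, $params] = buildOptionQuerySafe($good);
echo $sql, ' ', json_encode($params), PHP_EOL;
try {
    buildOptionQuerySafe($bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In a Joomla extension, `Joomla\Utilities\ArrayHelper::toInteger()` is a casting alternative to the strict validation shown here.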

 

Update Now

If you are using a version prior to 3.3.7, kindly update to the latest version as soon as you can. Should you need any assistance with updating to the latest version, please get in touch with us through the support request form.

Our support staff will be able to assist you with the update to the latest version.

Download J2Store

Here is the complete changelog for J2Store 3.3.7

 

Subscription Expired?

If your subscription for the J2Store PRO license has expired, no worries. Use the following coupon to get a 25% discount when purchasing or renewing the PRO license: WELCOME25

Get PRO

 

Patch

We understand that not all of you are ready to update your site immediately, or you might be running a customized J2Store version. We have created a simple gist with instructions to patch the vulnerability.

Fix for J2Store 3.3.2 and lower
Go to: https://gist.github.com/rameshelamathi/6731ad8d2ec4be8d37d1195ae7d972e3

Fix for J2Store 3.3.3 to 3.3.6

Go to: https://gist.github.com/rameshelamathi/bf34b537fdca5cd5e96cc94d1c116687

You can follow the instructions to patch the vulnerability.

 

Credits

All credit goes to Andrei Conache for discovering this issue.

 

Questions?

If you have any further questions, please feel free to reach out using the support request form.
