Magento has released new versions of Magento Commerce and Magento Open Source to increase product security:


Magento Commerce


Magento Open Source


SUPEE-10415 (patch for earlier Magento 1.x versions)


These releases contain multiple security changes that help close cross-site scripting and authenticated Admin user remote code execution vulnerabilities.


We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible.


Download and install the Magento Commerce updates by logging into My Account and navigating to the version you want to download.


Magento Open Source software is available from the Magento Open Source download page. (See How to Apply and Revert Magento Patches for Magento 1.x instructions.)


More information about these security changes is available on the Magento Security Center.  Full details are available in these release notes:

Magento Commerce Release Notes (1.14 and later)

Magento Open Source Release Notes (1.9 and later).


Ideally you should have your developer apply the patches.  Alternatively, please raise a ticket and Dx3webs will apply and ‘best endeavours’ basis.  (Please note we will backup your site.. apply the patches and request that you check that all is well. If not the best we can do is to roll back the patches at which time you will need to seek support from your developer)

Magento Hosting Specialists