Web security firm Sucuri reports on their blog, that over 50% of all Magento installations haven’t applied a critical security patch (SUPEE-5344). Leaving them open to attacks. The security patch, to address a remote command execution (RCE) vulnerability, was released back in February.
This means hundreds of thousands of websites are vulnerable right now, worst yet they are Ecommerce websites. This means that they are used to sell goods online, capturing personal identifiable information (PII), including credit card information. The impacts of Magento websites getting compromised can be devastating for every online buyer that uses or has used a website built on the platform.
Read more at Sucuri Blog.