MAGENTO SECURITY PATCH SUPEE-10975 RELEASED

SUPEE-10975, Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

Patches and upgrades are available for the following Magento versions:

  • Magento Commerce 1.9.0.0-1.14.4.0: SUPEE-10975 or upgrade to Magento Commerce 1.14.4.0.
  • Magento Open Source 1.5.0.0-1.9.4.0: SUPEE-10975 or upgrade to Magento Open Source 1.9.4.0.

 
Several high-severity (CVSSv3) issues were found that affect Magento Open Source prior to 1.9.4.0, Magento Commerce prior to 1.14.4.0, Magento 2.1 prior to 2.1.16 and Magento 2.2 prior to 2.2.7. A few of them are listed below:

| Issue Type | CVSSv3 Severity | Security Bug | Description |
|---|---|---|---|
| Brute Force Login / Session Identifier | 9.0 | Stops Brute Force Requests via basic RSS authentication | An attacker is able to brute force requests to the RSS nodes that require admin authentication. With this, the attacker would be able to guess the admin password. |
| Compliance Requirement | 9.0 | M1 Credit Card Storage Capability | Removes functionality enabling M1 customers to store credit card data in the database. |
| Remote Code Execution (RCE) | 8.5 | Authenticated RCE using customer import | Restricts Admin users with access to edit product attributes from running customer imports while executing arbitrary code using a serialized string that has been set as validate_rules on an attribute. |
| Remote Code Execution (RCE) | 8.5 | API Based RCE Vulnerability | By activating an API, including the ability to add products, it is possible to send base64-encoded content to an unauthorized file and, with it, execute an RCE. |
| Remote Code Execution (RCE) | 8.5 | RCE Via Unauthorized Upload | Prevents a user from uploading unauthorized files while attaching videos. |
| Remote Code Execution (RCE) | 8.5 | Authenticated RCE using dataflow | Prevents Admin users with access to dataflow functionality from executing arbitrary code using a specially crafted serialized string. |

Source: Magento

It is highly recommended by Magento to deploy these new releases right away, to ensure optimal security and performance. Remember to implement and test the patch in a development environment first to confirm that it works as expected or consult a professional.

What else can be done to protect a Magento site?

Apart from installing the security patches, you can always ask Magento certified professionals to conduct a security audit every quarter to ensure that your store is secured especially if you have installed new extensions and made some changes to the site.

If you want to implement this security patch or have any questions regarding the Magento security patch SUPEE-10975, consult our certified Magento developers or contact our support team.

Black Friday & Cyber Monday: Two Superpowers Joined for your Benefit!

As winter is coming so soon, we are happy to announce that 2018 Black Friday & Cyber Monday season of discounts in the Aheadworks store has started.

Wanna purchase an extension in our store, but the prices make your wallet cry? Or maybe you have already chosen an extension in our store but put off the purchase for some reason…

Finally, you are our valued loyal customer and are looking forward to the start of the Magento extensions sale…

Certainly, now it’s high time for you to start shopping!

Two great sale days…

Two forces aligned to make each vendor happy…

And… Finally!

Seven days to spend money wisely on solutions that will improve your Magento-based store!

From November 20 until November 27, you can buy our products at a special discount. Apply the Black18 coupon and get Magento extensions or themes in the Aheadworks store at a 25% discount. The offer is valid for the whole period mentioned.

Be a part of our great Magento extensions Black Friday & Cyber Monday sale!

Add Free Product to Cart for Magento 2 Makes your Promo Campaigns Capturing and Rewarding

Discounts and products as gifts. Some people hate them, some people don't.

But where is the truth? Maybe the truth is that some people can use discounts in a way that helps their business, while others have no idea how to launch such promo campaigns effectively. Let's deal with it!

Whatever your attitude to discounts, there are some cases when you are definitely advised to offer discounts or add free products to shopping carts. For example, you will have to run such promos to get rid of slow-selling or seasonal items and to free up your stock.

What's more, customers are not keen on spending money on an expensive product if they are not sure that they will actually like it. They prefer to test a free sample of the product to understand whether it is worth the investment. This is particularly useful for industries such as perfume, food, fabrics, and other materials: anything that you need to taste, smell, or touch to evaluate.

Also, promos with discounts or free items are good for businesses whose primary goals are to increase brand awareness and build lifetime relationships with their clients.

Thus, there are at least three solid reasons to run this kind of promo. The main point is to understand how to start promos and evaluate them sensibly. Add Free Product to Cart, our new module for Magento 2, meets these conditions, allowing store admins not only to arrange promos but also to evaluate campaign effectiveness.

What Makes Magento 2 Add Free Product to Cart Especially Valuable?

The core functionality of the extension is the ability to add promo items to the cart automatically:

  • ability to offer the products on the category, product or cart page;
  • simple, virtual, downloadable and configurable product type support;
  • pre-configured product support;
  • promotional blocks;
  • high-level dashboard;
  • integration with the Product Labels extension.

Advanced Subscription Products for Magento 2: Get Steady Profits with Flexible Subscription Options

Many e-commerce merchants deal with the problem of an insufficient average order value in their stores.

One way to overcome this setback is to encourage customers to make repeat purchases. But what means should you use for this purpose?

The answer is product subscriptions. Customers will be charged once in a certain period, and you can anticipate your future income without a worry in the world.

Already excited and want to get a perfect subscription functionality? Try our brand-new Advanced Subscription Products extension for Magento 2!

Magento 2 Advanced Subscription Products Overview

With this module, you can assign subscriptions to products as well as share the existing subscriptions among them. Once the plan has been created, you can add it to your products. So, the whole operation is seamlessly performed on the product level. Learn how it all goes in our User Guide.

Per-product Subscription Configuration

That’s it! Now your customers can add subscriptions to their carts by selecting the appropriate option in the provided selector. In the dedicated ‘Subscription details’ block, shoppers can estimate expenditures by viewing subscription payments already calculated per plan.

Subscription Plan Selector

Advanced Subscription Products Main Features

  • Add a subscription option to almost any product in your store, including the simple, configurable, virtual, and downloadable ones;
  • Provide subscribers with the necessary purchasing flexibility by allowing them to add both subscriptions and one-off purchases to the same shopping cart;
  • Encourage customers to purchase more subscriptions by grouping subscriptions with the same delivery date in one order (at the delivery price of one);
  • Notify customers about their subscription billing status with email alerts.

MAGENTO SECURITY PATCH SUPEE-10888 RELEASED

SUPEE-10888, Magento Commerce 1.14.3.10 and Open Source 1.9.3.10 contain multiple security enhancements that help close cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

Patches and upgrades are available for the following Magento versions:

  • Magento Commerce 1.9.0.0-1.14.3.10: SUPEE-10888 or upgrade to Magento Commerce 1.14.3.10.
  • Magento Open Source 1.5.0.0-1.9.3.10: SUPEE-10888 or upgrade to Magento Open Source 1.9.3.10.

 
Several issues with CVSSv3 severity ratings were found that affect the Magento products. A few of them are listed below:

| Issue Type | CVSSv3 Severity | Security Bug | Description |
|---|---|---|---|
| XML injection | 6.9 | Authenticated Unauthorised Data Access Via Layout Injection | An administrator with limited permissions might be able to obtain information outside of his permissions. |
| General: Cross Site Scripting (reflective) | 6.1 | Reflective XSS against Admin Panel | Arbitrary JS can be triggered on the sales order grid page by manipulating one of the URL parameters. |
| General: Cross Site Scripting (reflective) | 6.1 | Admin to Admin XSS in configurable custom attribute label | Administrator with limited permissions might be able to use XSS attack on another administrator. |
| Privilege Escalation & Enumeration: Information Exposure | 5.9 | Overwrite all Reviews | In specific configurations, it might be possible to overwrite reviews. |
| Privilege Escalation & Enumeration: Information Exposure | N/A | Reset password URL includes the customer ID | The reset password link for a customer account includes the customer ID. An attacker can use the customer ID to gain access to the customer account, despite the use of a token. |

Source: Magento

It is highly recommended by Magento to deploy these new releases right away, to ensure optimal security and performance. Remember to implement and test the patch in a development environment first to confirm that it works as expected or consult a professional.

What else can be done to protect a Magento site?

Apart from installing the security patches, you can always ask Magento certified professionals to conduct a security audit every quarter to ensure that your store is secured especially if you have installed new extensions and made some changes to the site.

If you want to implement this security patch or have any questions regarding the Magento security patch SUPEE-10888, consult our certified Magento developers or contact our support team.

Customer Group Catalog Permissions by Aheadworks: Manage the Visibility of the Website Catalog Elements for Different Customer Groups to Boost Your Profits

Many businesses are engaged in either the B2C or the B2B sphere. There are also companies that cover both segments, working with B2C and B2B simultaneously.

It's clear that such an approach complicates store operation, because retailers and wholesalers purchase products at different prices. What's more, the set of products available for purchase can differ depending on who your customers are: retailers or wholesalers. It means that particular customer segments are eligible to obtain only particular products.

Note that customer segmentation isn't limited to wholesalers and retailers. There are many other customer groups with specific trading conditions.

All the above-mentioned issues have led to the need to manage the visibility of specified store catalog elements based on shopper segments.

The Customer Group Catalog Permissions extension provides control over the visibility of Magento 2 based website content for various customer groups, so that you can divide your store catalog between wholesalers, retailers, and many other relevant client segments.

What Makes the Extension Different:

  • Ability to divide a store catalog between different customer groups;
  • Hiding such catalog elements from specified customer groups as categories, products, CMS Pages both individually and in bulk;
  • Customer redirection set-up;
  • Customized message display instead of hidden prices and/or add to cart buttons;
  • Ability to update/delete permissions in bulk.

Product Labels for Magento 2: Promote your Products with Catchy Labels

Striving for higher sales, e-commerce merchants are in constant search for new promotional tactics. How to make products in a store more appealing to shoppers? Obviously, here one should think about proper visualization.

Aheadworks is glad to offer you a solution. Welcome our brand-new Magento 2 extension – Product Labels!    

Magento 2 Product Labels Overview

Make your promotional campaigns truly eye-catching with the Product Labels module! How exactly? Simply by putting vivid labels on them!  And the word ‘simply’ is the key here. Make all your tweaks in a handy editor to create labels of custom look and with custom promotional messages. To top it all off, you don’t need any extra design skills for this!

So, with our Product Labels extension, you can highlight distinctive product features valuable for customers or announce some promotional info (discounts, stock status, customer choice, you name it).

Magento 2 Product Labels Main Features

  • Tailor labels to your promotional goals by choosing among the three available options: CSS shape, uploaded image, or text only;
  • Design labels in a comfy CSS editor;
  • Choose an appropriate label position on product images or next to product prices just to make products more presentable;
  • Put multiple labels on the same products to promote them by several campaigns at once;
  • Set conditions to put labels on particular products or whole product categories;
  • Use variables to specify product-adjusted label messages (and use different messages for different store views).

Announcing MagePlus Hosting Plans by Aspiration Hosting

Aspiration Hosting is pleased to announce 3 new hosting plans: MagePlus Basic, Standard, and Advanced offering Magento as a service.

Merchants get the benefits of the services like Shopify and BigCommerce: upgrades, configuration support, and training. However, MagePlus plans come with the unlimited growth potential of Magento.

Now you don’t need a programmer to quickly build a new store. But you can still use a specialist to customize Magento, if you wish.

You can set up your MagePlus store in a single day. Our experts will install Magento and help you configure it, install the theme of your choice, and help you configure the whole store.

We provide 24-hour support through live chat, help desk, or phone. MagePlus comes with everything, from quarterly upgrades to new features and enhancements. Every client gets the Magento admin support services as well.

All our servers are protected by firewalls. We use strong iptables rules that block all requests from IP addresses that frequently act as a source of abusive activity.

Customer Success Story: How Sewing Studio Used ConnectPOS with Gift Card and Reward Points by Aheadworks

We are always glad to hear how our solutions help e-commerce marketers from all over the globe successfully conduct their business. And today, we'll bring you one great example.

Sewing Studio, one of the largest sewing equipment sellers in the UK, looked for ways to effectively provide its services across all sales channels.

For better ecommerce performance, Sewing Studio moved its websites to Magento 2. Another challenge was finding a POS system that will work with Magento out of the box (instead of a less friendly dedicated solution). So, the choice fell on ConnectPOS.

Free Webinar by Aheadworks: Refer a Friend extension for Magento 2

We're continuing our series of webinars. Our last webinar, dedicated to the Refer a Friend extension for Magento 2, took place on June 14th, 2018. For those who had no opportunity to attend the webinar, we have prepared the video.

Once again, let us present you a piece of information related to Refer a Friend for Magento 2!

What is the Refer a Friend extension?

The Refer a Friend (RAF) extension for Magento 2 provides an easy way to create customer referral programs that are equally profitable for merchants and their customers.

What problems can the Refer a Friend extension solve?

  • The product allows you to launch your own refer-a-friend program, which is impossible with the native Magento functionality.
  • 30% of satisfied customers have a strong will to refer their favorite products and services, but only 5% of them actually do it. The extension encourages the remaining 25% of happy clients to refer the products and/or services they like to their friends or relatives.
  • The broad functionality can cause some complexities when you manage the extension, but we have equipped it with human-readable referral program rules.

MAGENTO SECURITY PATCH SUPEE-10752 RELEASED

SUPEE-10752, Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF) and other vulnerabilities.

NOTE: Conflicts during installation of the patch SUPEE-10752 are caused most often by having version 1 of the previous patch installed (SUPEE-10570v1). Please make sure to remove SUPEE-10570v1 and install SUPEE-10570v2 prior to installation of SUPEE-10752.

Patches and upgrades are available for the following Magento versions:

  • Magento Commerce 1.9.0.0-1.14.3.9: SUPEE-10752 or upgrade to Magento Commerce 1.14.3.9.
  • Magento Open Source 1.5.0.0-1.9.3.9: SUPEE-10752 or upgrade to Magento Open Source 1.9.3.9.

 
Several issues with CVSSv3 severity ratings were found that affect the Magento products. A few of them are listed below:

| Issue Type | CVSSv3 Severity | Security Bug | Description |
|---|---|---|---|
| Remote Code Execution (RCE) | 9.8 (Critical) | Authenticated Remote Code Execution (RCE) using custom layout XML | Admin users with permission to manage products can use custom layout XML to copy any file to any location. |
| Remote Code Execution (RCE) | 9.8 (Critical) | Authenticated Remote Code Execution (RCE) through the Create New Order feature (Commerce only) | Users with permission to generate sales orders from the Admin panel can use gift card functionality to manipulate request data and inject a malicious string that is later unserialized. |
| Remote Code Execution (RCE) | 8.9 (High) | PHP Object Injection and RCE in the Magento admin panel (Commerce Target Rule module) | An administrator user with access to the Enterprise Target rule module can create rule-based product relations that can be manipulated to trigger remote code execution. |
| Remote Code Execution (RCE) | 8.9 (High) | PHP Object Injection and Remote Code Execution (RCE) in the Admin panel (Commerce) | An administrator user with access to the Commerce Target rule module can create rule-based product relations that can be manipulated to trigger remote code execution. |
| SQL Injection (SQLi) | 8.2 (High) | Authenticated SQL Injection when saving a category | Arbitrary JS can be triggered on the sales order grid page by manipulating one of the URL parameters. |
| SQL Injection (SQLi) | 8.2 (High) | Admin to Admin XSS in configurable custom attribute label | By manipulating request data when saving a category, a user can insert a malicious string into the database that can be used in a subsequent request to perform SQL injection. This injected code can be used to trigger arbitrary (with the proviso they fit in the 255 char field) insert and update commands. |
| Cross Site Request Forgery (CSRF) | 7.4 (High) | CSRF is possible against Web sites, Stores, and Store Views | Multiple CSRF vulnerabilities allow for deleting websites, stores or store views. |
| Security Implementation Flaw | 7.4 (High) | The cron.php file can leak database credentials | The cron.php file can leak database credentials if it is not able to establish a connection to the database. |

Source: Magento

It is highly recommended by Magento to deploy these new releases right away, to ensure optimal security and performance. Remember to implement and test the patch in a development environment first to confirm that it works as expected or consult a professional.

What else can be done to protect a Magento site?

Apart from installing the security patches, you can always ask Magento certified professionals to conduct a security audit every quarter to ensure that your store is secured especially if you have installed new extensions and made some changes to the site.

If you want to implement this security patch or have any questions regarding the Magento security patch SUPEE-10752, consult our certified Magento developers or contact our support team.

GDPR 1.0 Guarantees Straightforward Customer Personal Data Management in Compliance with the Main GDPR Regulations

As we all know, GDPR came into force on May 28, 2018, and now, it affects a lot of ecommerce businesses in Europe and abroad.

In this light, many entrepreneurs are interested in some solutions that would allow them to follow the regulation terms and provide customers with all the rights they can require.

And today, Magento 2 merchants have a great chance to effectively shape their business in general and manage user privacy policy in particular according to GDPR regulations with our brand new extension.

Welcome! GDPR 1.0 for Magento 2 is released!

GDPR for Magento 2

The GDPR module collects customer consents to process their personal data and allows you to stay compliant with the most essential GDPR regulations, including the right to access, copy, change, transfer, and erase customer personal data effectively.

What makes it different

  • Be compliant with the main GDPR regulations by allowing customers to access, copy, change, transfer, and delete their personal information;
  • Collect data consents on registration, checkout, and other website pages;
  • Allow customers to send data access, transfer, and deletion requests right from their personal accounts;
  • Verify customers by email in order to avoid fraud;
  • Track customer statuses on the backend;
  • Use the extension API to get and delete data from third-party solutions.

Top Web Hosting Trends in 2018

The importance of web hosting for the digital market grows at tremendous speed. Given this, website owners should always keep an eye on its updates in order to stay on the cutting edge.

Today, we will discuss the latest web hosting trends that should be definitely considered by every online business. So, let’s get started with cloud hosting.

Cloud Hosting

It’s predicted that soon, cloud hosting solutions will prevail over the entire web hosting market. Due to the high security and uptime, thousands of online brands opt for them.

Briefly, cloud hosting works in the following way: the cloud server itself consists of physical servers located in a secured room. Websites are hosted on virtual servers that obtain resources from this network of physical servers. Still, cloud hosting services are not that expensive, which makes them quite affordable for businesses with small budgets looking for a good value for money.

Although cloud servers are based on physical ones, in fact, they are virtual, which excludes the possibility of any hardware issues slowing down or even interrupting website’s work. So, if some outage still occurs, the system will automatically switch to another server to prevent the site from going offline.

Advanced Reviews 1.0: Collect Customer Reviews through On-site Review Forms and Email Review Reminders

The importance of online reviews for efficient and prolific sales is more than significant.

Almost every customer and every visitor pays attention to the feedback left by other people to make sure that both the offered products and the provided services are worth their attention and money. The majority of visitors read 4-6 online reviews before they form a positive opinion about a business and trust it enough to purchase from it.

So, it's obvious that any online store needs a lot of reviews, but getting them is not that easy. The Advanced Reviews extension for Magento 2 is a solution that simplifies the process of collecting reviews and makes them look good and professional.

What Makes the Extension Different

  • Email review submissions. Make significantly more reviews allowing customers to submit them right from notification emails;
  • Review comments. Answer questions, establish your own view, and provide professional clarifications via comments added to reviews;
  • Review summaries. Allow customers to embrace the tone of all reviews at a glance with the provided review summary blocks;
  • Voting for Helpfulness. Allow customers to highlight the most useful reviews and distinguish them by voting for their helpfulness;
  • ‘Verified Buyer’ badge. Show verified customers and their reviews clearly;
  • SEO Adjusted. Make your reviews appear in Google snippets using the schema.org markup.
  • GDPR Compliance (the right to be forgotten). If a reviewer deletes his/her account from a website, his/her review will then be signed as the review left by a guest visitor.

Refer a Friend 1.0 by Aheadworks: Boost Sales via Flexible Customer Referral Programs

Making more sales without any extra effort is a cherished dream of any entrepreneur. Still, who said that it is purely impossible?

Magic aside, there are some excellent opportunities to involve customers in a great game mutually beneficial for both Magento store owners and their brand advocates. And, the one we’d like to offer you this time is customer referral programs or, to be exact, the refer-a-friend functionality.

The Refer a Friend extension for Magento 2 (RAF) is a new version of our Magento 1 module, which is a proven refer-a-friend solution popular among our customers. So, the new extension is made upon the same high-quality standards of functioning and code development.

Refer a Friend for Magento 2

The idea behind the extension is straight and simple. It allows you to motivate existing customers to look for and attract new shoppers using the benefits of the word-of-mouth effect.

What Makes Us Different

In addition to standard functions that will be described a bit later, we’d also like to focus your attention on some distinctive benefits of the extension, which distinguish it from other solutions:

  • Customer referral programs are easily launched, managed, and maintained;
  • Rewards are available for both brand advocates and their friends;
  • The module is integrated with the AddThis and ShareThis social media services;
  • Referral program performance statistics are available for brand advocates and Magento admins;
  • The module is GDPR compliant (the right to erasure of customer data).

Now, when the prerequisites are determined, we can proceed to the extension configuration and then see it in action on the frontend.