Magento is an Open source PHP code based e-commerce CMS (Content Management System).
As of this writing Magento has 194 listed CVE’s (Common Vulnerabilities and Exposures).
This is very few compared to WordPress’s 2,641 currently listed CVE’s.
What does a low number of CVE’s mean?
It means for the most part Magento is pretty secure (mostly due to the much lower number of Plugins and Themes available with CMS’s like WordPress or Joomla).
With that said, being intended for e-commerce puts it as a prime target when vulnerabilities are found and made public.
The most common hack we see on Magento sites is Credit Card theft.
Having credit card theft happening on your website is not something you want to happen.
It’s of the utmost importance to keep your Magento up to date and be aware of any security vulnerabilities that may exist and get them fixed immediately.
Sucuri recently found another credit card swiper in the wild.
Article Excerpt: Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.
As seen above, the first if statement looks for the checkout string in the URL using window.location.href.indexOf.