Virtually all versions of Magento CE before 220.127.116.11 and Magento EE prior to 18.104.22.168 are at risk. The cause of the vulnerability is a portion of code badly written in Magento’s core libraries, back-end, or administrative control panel. The type of vulnerability is stored Cross-site Scripting (XSS), probably the most vulnerable source for sites around the world.
All sites created or maintained by Deltamatica on a Magento basis have been updated within 2 hours after patch release. In the 24 hours following the release of the vulnerability, several attack attempts were detected.