We have urgent information regarding the Ajax Search and Autocomplete extension for Magento 2. This news is also related to Argento users as the module is a part of Argento theme.
We found a possible XSS vulnerability in this module. In this article, you will see how to fix the issue and protect your website.
Luckily there are no reports that it was used yet. So please pay attention to this notification and let's act now.
How can you fix it?
- First we would suggest first to disable “Autocomplete suggestions” feature. Please go Admin - AjaxSearch - Main - Autocomplete suggestions. Set to No in Enable field.
- Update the Ajax Search module to the version 1.5.3 or Argento theme to the version 1.9.1. Please note we do offer Ajax Search release for free to all customers even in case the support time is over. You have simply to contact us and request a download. Please use SwissUpLabs Contact Us or Argento Contact Us forms.
- Also, we do offer a diff patch that you can manually apply to your store.
Please mention that this issue affects only Ajax Search and Autocomplete extension for Magento 2. It is so important to apply the patches and upgrade to the recent release immediately.
Let us know if you need any help!
can we enable Autocomplete suggestions after upgrading to Ajax Search module to the version 1.5.3 or Argento theme to the version 1.9.1 ?
Please advise soonest
thank you
Yes sure. You can use this feature after update to recent release.