Major security issue has been discovered in CRE Loaded versions 6.15, 6.2, 6.3 and 6.4.0. Vulnerability allows anybody to access store admin and gain control over CRE Loaded based website.
Despite this problem discovered relatively long time ago, many stores are still in danger and it is absolutely necessary to apply fix if your store is vulnerable. We have sent out a newsletter to notify all our customers about this, but we also post this notification on our website for those who have never ordered our services yet.
How to verify if website is vulnerable?
If, for example, you use http://www.example.com/admin/ URL to access store admin, try to open http://www.example.com/admin/orders.php/login.php. If you will not see login screen you are in danger!
What are the options?
There are two ways to fix this issue:
1) If you have coding skills and do not afraid to edit store files, download fix from "My Downloads" area on www.creloaded.com when you login to your account.
2) If you do not have enough skills we offer our services to help you. We charge a flat rate of $40 per fix and offer additional step to protect your store if future vulnerabilities of CRE Loaded admin panel will be discovered. We have added CRE Loaded Security Fix product to our store, so just buy it and provide FTP details in comments field when checking out.
If you have any questions regarding this or want us to check if your store is vulnerable don't hesitate to contact us.
