Moderately Critical Commerce Elavon Security Update


The Commerce Elavon module enables you to accept payments from the Elavon payment provider.

The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon (On-site) payment gateway, which could lead to leaking valid payment details as well as accepting invalid payment details.

This vulnerability is mitigated by the fact that an attacker must be able to spoof the Elavon DNS received by your site.

Install the latest version:

If you use the Commerce Elavon module for Drupal 8.x/9.x, upgrade to Commerce Elavon 8.x-2.3
If you use the Commerce Elavon module version 1.x for Drupal 7.x, upgrade to Commerce Elavon 7.x-1.5


Advertisement Here