Defense-in-depth protection against the PolyShell unrestricted file upload vulnerability (APSB25-94) affecting Adobe Commerce and Magento Open Source up to 2.4.9-alpha2, hardening image content validation and processing with polyglot file scanning and a strict extension allowlist. Supersedes the original markshust patch.
Extends Magento native reCAPTCHA to integrate Google reCAPTCHA Enterprise using the official Google Cloud PHP client, with admin configuration for the Cloud project ID and service-account credentials.
Adds CLI commands to toggle all CAPTCHA and reCAPTCHA settings on or off, with an option to also disable or re-enable Magento's two-factor authentication module.
Connects Magento orders to the Subuno anti-fraud API, automatically reviewing purchases for fraud risk and returning results to Magento so merchants can flag risky orders before shipping.
Looking for contributors - Help fix build issues
Security hardening package bundling defensive mitigations that block file-type custom option uploads via the Web API (PolyShell / APSB25-94) and patch the frontend SessionReaper vulnerability.
Validates custom option values before processing to prevent unauthorized file type injections via the PolyShell vulnerability. Checks option existence and enforces strict type matching for file-type custom options.
Mitigates the PolyShell unrestricted file upload vulnerability in the Magento REST API by enforcing an image-only extension allowlist on custom option file uploads. Blocks executable file uploads at both the validator and uploader level.
Automatically scans and removes malware files from the Magento media directory every 15 minutes, protecting the store from uploaded malicious files.
Mitigates PolyShell-style file upload abuse by blocking file custom option uploads and restricting allowed extensions to images only. Includes a CLI command to scan and clear suspicious files from the custom_options media directory.
Manages Content Security Policy rules via the Magento CLI, storing them in env.php for environment-specific control without database access. Includes automatic splitting of the CSP header into multiple headers to stay under server header-size limits.
Adds Subresource Integrity (SRI) hash enforcement to Content Security Policy headers, ensuring that external scripts and stylesheets have not been tampered with before execution.
Integrates Utanvet Ellenor risk assessment into Magento 2 checkout, filtering available payment methods based on risk scores and sending order outcome signals on status transitions.