EDIT!
The italicized statement below is a lie! I just received an email alerting me to the fact that Zen Cart 2.0 was just released! Call me gobsmacked! This blog post is still valid but wowser! I’ll be posting about the new long awaited version in the near future. It’ll take me some time to see what the differences so stay tuned!
I haven’t posted in a long time and mainly because Zen Cart is so stable and there’s rarely news anymore.
But this one is a biggie. I don’t know of any carts being actually hacked but it is a script injection which could be a takeover for a site at some point. My experience says it probably won’t happen immediately. Scripts like that are sneaky and lie low for some time. I did see it happen in one cart immediately after the announcement yesterday, so don’t delay putting this fix in place.
By the way, I’ve already patched my maintenance customers – I’m still taking maintenance customers so something to consider. The monthly fees depend on who you use for hosting. If you use GoDaddy, I will not take you on.
The fix for both versions is not difficult – if you use FTP and can figure out where to put the files and run the sql file, then you are golden.
The files and instructions are here:
If you don’t want to attempt it, I’ll be glad to do it for you for only $50.
https://wiztech4zc.com/hosting/index.php?rp=/store/services/security-patch-2024
I will need your zen cart login and ftp access to do this so be prepared to give those details when you pay.
And a teaser. I’m working on a new version of my Ready-To-Go template that will incorporate more jQuery features that will give Zen Cart a more “modern” i.e. shopified, look. Stay tuned!