Security firm High-Tech Bridge issued a warning to retailers and shoppers about a critical vulnerability in the Zen Cart Shopping management system.
The security flaw could allow remote attackers to infiltrate web servers and gain access to customer data.
Servers running Zen Cart are also at risk of malware, meaning that hundreds of thousands of ecommerce sites pose a potential danger. That's not good for ecommerce merchants using the platform with the holiday shopping season in full force.
Technical details of the vulnerability are not yet being made public, but having notified Zen Cart of the issue High-Tech Bridge says the date of full public disclosure is 16 December.
Zen Cart was quick to issue a patch that it announced on Twitter.
Security patch announcement for Zen Cart v1.5.4 - small patch available to apply quickly. https://t.co/14IN6hP005 - Zen Cart (@ZenCart) November 26, 2015