TinyMCE Upgraded to Version 7.3 in October Security Patches
Adobe Commerce October security patches upgrade TinyMCE to version 7.3, addressing critical CVE-2024-38357 vulnerability.
As part of the October 2024 security patch cycle (APSB24-73), Adobe upgraded the bundled TinyMCE editor to version 7.3. This upgrade addresses critical security vulnerability CVE-2024-38357 and provides merchants with a more secure, modern content editing experience.
What is TinyMCE?
TinyMCE is the rich-text editor used throughout Adobe Commerce for creating product descriptions, CMS content, email templates, and other marketing materials. It's used by merchants, content teams, and marketers daily, making its security critical.
CVE-2024-38357 Vulnerability
The vulnerability addressed in TinyMCE 7.3 relates to potential XSS (cross-site scripting) attacks through the editor interface. In certain circumstances, attackers could inject malicious scripts through the editor, potentially compromising merchant accounts or stealing sensitive data. The vulnerability is particularly concerning for multi-user environments where content creators have access to the editor.
Upgrade Impact
The TinyMCE upgrade is automatically applied when merchants apply Adobe Commerce security patches. The new version maintains backward compatibility: existing editor configurations continue working without modification. Content created with previous versions displays correctly in 7.3.
User Experience Improvements
Beyond security, TinyMCE 7.3 includes usability improvements. The editor is faster, has better mobile support, and offers improved accessibility features. Content teams should notice a smoother editing experience across devices.
Testing Recommendations
Merchants should test content editing workflows after applying the patch. Whilst the upgrade is generally transparent, testing ensures that custom editor configurations and integrations continue functioning correctly. Pay particular attention to any custom plugins or toolbar customisations.
Ongoing Security
This upgrade demonstrates the importance of maintaining current platform versions. Security vulnerabilities are continuously discovered and patched. Merchants on current versions benefit from continuous security improvements. Those on older versions face increasing security risk as vulnerability information becomes public but patches remain unavailable.
Want to read more insights?
View All ArticlesRelated Articles
Continue reading with these related insights and updates from our team.
Product Recommendations Category Filter Fix Released
Product Recommendations category filter now respects store-view boundaries, preventing cross-store recommendation contamination.
October 2024: Supply Chain Security Updates
Tighter dependency control, CI/CD hygiene and vendor access reviews.
Live Search Advanced Search Capabilities Beta Launches
Live Search Advanced Search Beta introduces layered search with startsWith and contains operators for sophisticated product discovery.
Explore More Solutions
Adobe Commerce (Magento) Development
Expert Adobe Commerce (Magento) and Magento development in London
E-commerce Strategy
Strategic e-commerce consulting for digital growth
SEO Optimisation
Technical SEO for e-commerce websites
Design & UX
User experience design for e-commerce conversion