Researchers have identified a serious vulnerability in Magento, the popular e-commerce platform owned by eBay. The security hole exposes the details of millions of individuals who shop on the hundreds of thousands of online stores that use Magento.

According to Check Point Software, unpatched versions of the platform are plagued by a critical remote code execution (RCE) vulnerability that can be exploited to compromise online shops powered by Magento. A malicious actor can gain access to credit card details and other financial and personal information belonging to the affected sites’ customers.