Shoplift Bug: Magento Security Flaw - Webmasters - Nairaland

Shoplift Bug: Magento Security Flaw by todhost(m): 10:37am On Sep 27, 2015
Source: https://www.todhost.com/blog/spam-management-on-a-joomla-website.html

Is Magento seeing the end of its life cycle? Many will think so with the news of a major security flaw: the "Shoplift" bug, which allows an attacker to take complete command of a Magento store and its server.

First came the news of eBay looking to sell eBay Enterprises, the parent company of Magento, leaving the future of Magento itself unclear. Now Magento faces one of the most bizarre security releases ever.

In January 2015, a security company called Check Point found a highly critical security flaw in all Magento sites: the "Shoplift" bug.

Check Point disclosed this issue privately to Magento in January with a list of suggested fixes to eBay.
February 9: Magento released a patch for the security flaw. The patch, SUPEE-5344, was not marked as a security release and was behind a login wall.
Mid-April: Check Point notified Magento that they will finally publish details of the bug.
April 16: Magento sent out a second, more urgent email to its mailing list.
April 19: Magento placed a warning message inside the dashboard of Magento sites.
April 20: The security issue was made public by Check Point.

Magento's handling of the issue has been criticized, and anyone downloading Magento today will be vulnerable, as the community version of Magento hasn't been updated since 2014.

Of critical concern is that 10 weeks after the patch was released, 60% of Magento sites remain unpatched, according to the creators of a test to see whether websites are vulnerable to the Shoplift bug. The handling of this critical bug could mark the end of an already sluggish software - Magento e-commerce.
