A group of Magento professionals have identified 63 vulnerable extensions, and are now releasing the Magento Module Blacklist to help merchants counter these attacks. The method is straightforward: attacker uses an extension bug to hack into a Magento store, download all of the other installed extensions. Merchants can quickly run it against their store setups, find where they are at risk and selectively upgrade their extension base as needed. Vendors generally fear loss of reputation and do not communicate about vulnerabilities. Merchants value stability above all, which does not fit well with a continuous upgrade policy.”]
Source: https://gwillem.gitlab.io/2019/01/29/magento-module-blacklist/