Magento Version Checker
Find out exactly which Magento (Adobe Commerce) version any store is running, whether it is out of date, and which CVEs affect it. Free online tool, no installation, runs right in your browser.
Used by merchants, agencies, and developers to audit Magento and Adobe Commerce stores
Pinpoint the Release Train
Identify the Magento major.minor version even when the store hides the obvious markers, by combining multiple passive signals with the version endpoint.
- Static asset path fingerprints
- Storefront config & cookies
- /magento_version endpoint
- Open Source vs Adobe Commerce
Out-of-Date Check
Magento end-of-life and security-only windows move fast. We flag whether the detected train is still supported and receiving patches.
- Current vs superseded train
- Security-patch status
- Upgrade-path guidance
- Live lifecycle data
Known CVEs Surfaced
The version check runs the full scan, so you also see the vulnerabilities tied to that Magento release, filtered to cut false positives.
- 100K+ CVE cross-reference
- Version-precision filtering
- CVSS severity scoring
- One scan, full picture
Why Your Magento Version Matters
Magento powers high-value checkout flows, which makes it a constant target. Campaigns like Magecart have skimmed card data from thousands of out-of-date stores. Each Magento release ships security patches, and once a train is superseded its vulnerabilities are public knowledge. Knowing the exact version a store runs is the first step to closing that gap.
Frequently Asked Questions
How do I check what Magento version a store is running?
Enter the store URL above and run the scan. ScanTower fingerprints Magento (Adobe Commerce) from static asset paths, cookies, and the storefront markup, and where the store exposes it, reads the /magento_version endpoint to confirm the release train.
Can you tell Magento Open Source from Adobe Commerce?
In most cases, yes. The scan separates the major.minor release train (for example 2.4) from edition signals so you can see whether a store runs Magento Open Source or the commercial Adobe Commerce edition.
Why does Magento sometimes only show a 2.4 version and not the exact patch?
Magento deliberately exposes only the major.minor train at /magento_version, and storefront markup rarely includes the patch (-pN) suffix. We report the most precise version the store reveals and avoid flagging patch-level CVEs we cannot confirm, so you do not get a wall of false positives.
Does this tell me if the store is vulnerable?
Yes. The version check runs the full scan, cross-referencing the detected Magento release against a 100K+ CVE database so you see the known vulnerabilities that affect that version, scored by severity.
Is checking a store's Magento version legal?
Reading the version a public storefront already advertises is passive reconnaissance. You should only run deeper authenticated scans on stores you own or are authorized to test, which is why the tool asks you to confirm permission.
Related free tools
WordPress Version Checker
Detect any site's WordPress core version and whether it is out of date.
Drupal Version Checker
Find the Drupal core version any site is running.
Website Technology Checker
Identify the full tech stack: CMS, frameworks, servers and more.
JavaScript Vulnerability Scanner
Find vulnerable JS libraries loaded by a store, a common Magecart vector.
Exposed Secret Scanner
Detect API keys and credentials leaking in front-end code.
Malware Scanner
Scan a store for injected scripts and skimmers.
That's Just the Beginning
FREEThis Magento Version Check scan caught some issues. Run a Full Security Scan to uncover hidden threats like exposed secrets, malicious scripts, and supply chain attacks this quick check missed.