We had a serious security issue when submitting an order through the back end.
After the order was created, and the invoice sent, we received a call from the client letting us know their credit card information along with the CCV was available in clear.
This does not happen when an order is submitted by the customer on the front end but only if the order is created by an admin on the back end.
We are currently on 126.96.36.199.
Thank you for your help.