this list compiled by the community is anything to go by (and the list will also be far from complete considering the number of extensions available).
So take heed and make sure your stores extensions are compatible with the SUPEE-6788 patch before you install it or a lot of your custom admin functionality could stop working.
That's the bad news, the good news is that the changes are actually very much restricted to the backend, and it's unlikely that the customer will see any issues, or find the store to break on the frontend.
Basically the main change which everyone is talking about is a change in the way you declare a custom router in admin. There are 2 ways in which you can do this:
- Declare your own router entirely and set a frontname used to route requests to your module. The frontname will appear in place of where you normally see 'admin' (or your custom admin url) near the start of the URL.
- Base your modules requests off the admin controller and add in logic to tell Magento to also check your module for a routing match.
This document linked to in the security announcement email tells you what changes you need to make to ensure your extensions will work with the new patch, but a quick and easy test for store owners is to just browse admin viewing pages related to any extensions you have installed. If you see anything at the start of the URL which is not the normal admin URL string you see on standard pages, i.e. instead of:
where 'custom' can be anything, then that extension will need to be patched to work with the new SUPEE-6788 patch. Note that this is not a complete test as extensions could easily accept requests outside of viewing an actual page in admin, but it should be a good indication even so.
Hopefully not too much information will be discovered about what vulnerabilities this patch fixes before developers and store owners can get all of the affected extensions updated.
UPDATE: So Magento have sent out an update - they have delayed release of the patch until early next week.
With the patch changes you should be free to install the extension straight away on your store, just remember to enable the admin routing section of the patch once all of the your extensions are up to date.