Lucene search
K
JoomlaMost viewed

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/15 12:0 a.m.•19 views

[20260514] - Core - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS5.8AI score0.00292EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/06/30 12:0 a.m.•19 views

Advanced custom fields, 2.7.7, SQL Injection

Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/07/12 12:0 a.m.•19 views

quickform, , Other

Developer states exploit is "hack yourself" scenario...

6.9AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/19 7:21 a.m.•19 views

eXtplorer 2.1.12 various

eXtplorer 2.1.12 various Update Notice URL https://extplorer.net/news/24...

0.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/22 12:0 a.m.•19 views

kunena, ,XSS (Cross Site Scripting)

kunena,5.1.3,XSS Cross Site Scripting...

1.6AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/03 12:0 a.m.•19 views

Kunena,5.1.9,XSS (Cross Site Scripting)

Kunena,5.1.9,XSS Cross Site Scripting https://www.kunena.org/blog/203-kunena-5-1-10-released...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/23 12:0 a.m.•19 views

Edocman,1.1.17,SQL Injection

Edocman,1.1.17,SQL Injection Extension Update Details Fix security issue on Joomla SQL injection from previous Edocman version. new version number 1.11.8 UpdateNotice URL...

8.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/24 11:52 a.m.•19 views

music collection, 3.0.3 ,SQL Injection

music collection, 3.0.3 ,SQL Injection Developer statement: currently at version 3.0.6, this was already fixed in 3.0.4...

4.4AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/13 12:0 a.m.•19 views

Forms by Balbooa.com,1.7.2,Information Disclosure

Forms by Balbooa.com,1.7.2,Information Disclosure Resolution: update to 1.7.4 there was a previous update 1.7.3 which did not entirely fix the issue update notice: https://support.balbooa.com/forum/joomla-forms/5441-balbooa-joomla-forms-v-1-7-4...

Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/02/20 12:0 a.m.•19 views

JS Jobs, 1.1.9, SQL Injection

JS Jobs by Joomsky, versions 1.1.9 and previous, SQL injection resolution: update to version 1.2.0 update notice: http://www.joomsky.com/products/js-jobs.html...

1.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/16 12:0 a.m.•19 views

AppointmentBookingPro,4.0.1,SQL Injection

AppointmentBookingPro, 4.0.1, SQL Injection Resolution: update to 4.0.2 RC2 Update notice: https://appointmentbookingpro.com/support2/an2/17169-joomla-vel.html...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/08 12:0 a.m.•19 views

BookLibrary,3.6.14,SQL Injection

BookLibrary by Ordasoft, 3.6.14, SQL Injection Resolutiion: Update to 3.6.15 Update notice: http://ordasoft.com/News/News/book-library-security-update.html...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/02/02 12:0 a.m.•19 views

joomunited SEO Glossary ,pre 2.2.4,Other

joomunited SEO Glossary , pre 2.2.4,Other Developer statement in mass email to registered users We just fixed an SEO Glossary vulnerability, an update to version 2.2.4 is required as soon as possible. https://www.joomunited.com/changelog/seo-glossary-changelog Fix informed by user...

1.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/12/19 12:0 a.m.•19 views

DT Register, sql/xss, 3.1.12 / 2.8.18 and previous

DT Register Vulnerable version: 3.1.12 / 2.8.18 and previous sql/xss http://www.dthdevelopment.com/dth-news/dt-register-3.1.13-security-release.html http://www.dthdevelopment.com/joomla-components/dt-register-event-registration-for-joomla.html developer did not inform VEL...

1.6AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/29 12:0 a.m.•19 views

JSN Power Admin,2.3.0,XSS (Cross Site Scripting)

JSN Power Admin,2.3.0, XSS Cross Site Scripting Resolution: update to 2.3.2 Update notice: http://www.joomlashine.com/knowledgeportal/articles/jsn-poweradmin-vulnerability-problem-solved.html Note that previous security release 2.3.1 is still vulnerable, and should be updated...

6.3AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/04/14 8:13 p.m.•19 views

ECommerce-WD [com_ecommercewd],1.2.5, maybe earlier

ECommerce-WD comecommercewd,1.2.5, maybe earlier,SQL Injection developer statement This vulnerabilities are fixed in version 1.2.6 and above. The version 1.2.6 was released on 2015-03-18...

7.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/02/13 5:21 p.m.•19 views

Gallery WD version 1.2.3 and previous

Gallery WD version 1.2.3 and previous XSS Cross Site Scripting Resolution: Update to version 1.2.5 Update notice URL: http://web-dorado.com/products/joomla-gallery.html...

0.8AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/01/14 4:52 p.m.•19 views

EDVAS blank template pre 3.5.1

Blank bootstrap edition Template : Update Details http://github.com/Bloggerschmidt/Blank-Bootstrap-Edition/releases/tag/v3.5.1 See https://github.com/Bloggerschmidt/Blank-BootstrapEdition...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/12/02 1:48 a.m.•19 views

HDFLVPlayer, 2.0, Directory Traversal

HDFLVPlayer, 2.0, Directory Traversal Contus/apptha developers statement We fixed the directory traversal issue and updated the version with 2.2 UpdateNoticeURL http://www.hdflvplayer.net/hd-flv-player-download.php...

2.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/08/21 4:9 a.m.•19 views

Akeeba backup

https://www.akeebabackup.com/home/news/1561-security-updates-august-2014.html 3.2.0-3.2.7, 3.3.0-3.3.13, 3.4.0-3.4.3, 3.5.x, 3.6.0-3.6.12, 3.7.x, 3.8.0-3.8.2, 3.9.x, 3.10.x, 3.11.0-3.11.3...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/08/06 12:12 a.m.•19 views

JChatSocial, 2.2 and lower

JChatSocial, 2.2 and lower, XSS Cross Site Scripting...

2.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/03/05 12:0 a.m.•19 views

[20140303] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/03/04 12:0 a.m.•19 views

[20140302] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in comcontact...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/02/08 9:53 p.m.•19 views

ODude Profile

ODude Profile Directory Traversal vulnerability - 777 developer statement ODude Profile | 3.2 | http://www.odude.com/main/profile/profile-changelog.html ---|---|---...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/06/01 9:27 p.m.•19 views

CiviCRM 4.3.3 and previous

CiviCRM, = 4.3.3, XSS Cross Site Scripting Update Notice URL http://civicrm.org/blogs/colemanw/security-release-civicrm-434...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/04/27 2:51 p.m.•19 views

aiContactSafe 2.0.19

xss 160413 developer release statement for version 2.0.21 Authors:...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/02/20 8:37 p.m.•19 views

worldrates

http://dev.pucit.edu.pk/120410 Authors:...

7.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2010/02/21 12:0 a.m.•19 views

[20100423] - Core - Negative Values for Limit and Offset

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/08/29 12:0 a.m.•19 views

[20080903] - Core - com_mailto Spam

The mailto component does not verify validity of the URL prior to sending...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/08/26 12:0 a.m.•19 views

[20080904] - Core - Redirect Spam

Several components utilize a passed in URL to redirect to after processing. These URLs are not validated prior to the redirect. A crafted URL can cause the system to redirect to a spam or phishing site...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/20 12:0 a.m.•18 views

[20260518] - Core - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

9.8CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/11/14 12:0 a.m.•18 views

[20260101] - Core - Inadequate content filtering for data URLs

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...

8.4CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/09/19 12:0 a.m.•18 views

[20250102] - Core - XSS vector in the id attribute of menu lists

Lack of output escaping in the id attribute of menu lists...

7.5CVSS5.9AI score0.00404EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/02/20 12:0 a.m.•18 views

[20240701] - Core - XSS in accessible media selection field

Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field...

6.1CVSS5.8AI score0.00442EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/07/25 12:0 a.m.•18 views

bagallery , , Other

Developer statement Old 1.1 / New 1.2 Update details: We have thoroughly tested all the code in our component to ensure it is free of any security issues. Update URL: https://bestaddon.com/product/ba-gallery/Changelog...

7.3AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/07/14 12:0 a.m.•18 views

js jobs, 1.3, SQL Injection

js jobs,1.3,SQL Injection...

1.5AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/04/03 10:48 a.m.•18 views

hwdplayer,4.2,SQL Injection

hwdplayer,4.2,SQL Injection Possible abandonware also...

2.4AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/10/16 12:0 a.m.•18 views

J2Store, 3.3.9. and previous,XSS (Cross Site Scripting)

J2Store,3.9.x,XSS Cross Site Scripting Update to 3.3.11 https://www.j2store.org/blog/general/j2store-3-3-11-released-with-improvements-and-a-security-fix.html...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/10/08 12:0 a.m.•18 views

js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other

js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other Extension Update Details Fix the file security bug. new version number 2.1.7...

2.1AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/12 12:0 a.m.•18 views

JS support ticket,1.1.6, SQL Injection

JS support ticket,1.1.6, SQL Injection resolution: update to 1.1.7 update notice: https://joomsky.com/products/js-ticket-joomla.html...

7.8AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/13 8:58 a.m.•18 views

RSMembership! older than 1.22.11 ,Other

RSMembership! older than 1.22.11,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

0.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/13 8:58 a.m.•18 views

RSEvents! Pro Cart Plugin older than 1.1.15 ,Other

RSEvents! Pro Cart Plugin older than 1.1.15,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

1.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/27 12:0 a.m.•18 views

[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and...

1.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/22 12:0 a.m.•18 views

TCPDF Library,6.2.12,Other

TCPDF Library,6.2.12,Other updated to v6.2.26 | ---|--- ttweetfsubscribe...

7.1AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/20 4:18 p.m.•18 views

JoomCRM 1.1.1

new version number 1.1.2 https://www.joomboost.com/blog-updates/joomcrm-version-1-1-2-security-announcement.html...

0.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/15 12:0 a.m.•18 views

CW Article Attachments (Free Version), SQL Injection

CW Article Attachments Free Version from cwjoomla.com, versions 1.0.6 and previous, SQL Injection resolution: update to 1.0.7 update notice: http://www.cwjoomla.com/download-cw-article-attachments...

2.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/02/20 12:0 a.m.•18 views

Jimtawl, 2.2.6, Arbitrary File Upload

Jimtawl from janguo.de, 2.2.6, arbitrary file upload Resolution: update to 2.2.7 Update notice: http://janguo.de/lang-de/joomla-25-higher/jimtawl.html...

0.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/12/29 12:0 a.m.•18 views

Joomla Guru, SQL Injection

Joomla Guru by IJoomla, 5.0.15 and previous, SQL Injection resolution: update to 5.0.16 update notice: https://guru.ijoomla.com/changelog/237-guru-5-0-16...

1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/12/15 3:31 p.m.•18 views

JEXTN Video Gallery 3.0.5 - SQL Injection, 3.0.5 ,SQL Injection

JEXTN Video Gallery 3.0.5 - SQL Injection, 3.0.5 ,SQL Injection...

3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/24 12:0 a.m.•18 views

JS Jobs,1.1.8, RCE

JS Jobs, 1.1.8, Remote code execution - includes free and pro versions resolution: update to 1.1.9 update notice: http://www.joomsky.com/products/js-jobs.html...

2.7AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities747