725 matches found
Keen IT Photo Contest, 1.0.2, SQL Injection
Keen IT Photo Contest, 1.0.2, SQL Injection...
Quiz Deluxe, 3.7.4, SQL Injection
Quiz Deluxe by Joomplace, 3.7.4, SQL Injection. Resolution: update to 3.7.5. Update notice: https://www.joomplace.com/blog/secure-your-quiz.html...
Checklist by Joomplace, 1.1.0, SQL Injection
Checklist by Joomplace, 1.1.0, SQL Injection. Resolution: update to 1.1.1. Update notice: https://www.joomplace.com/blog/checklist-security-update.html...
Joomanager, other
Joomanager from joomanager.com, 2.0.0 and previous versions. Users are advised to uninstall immediately...
Survey Force Deluxe, 3.2.4, SQL Injection
Survey Force Deluxe by Joomplace, 3.2.4, SQL Injection. Resolution: update to 3.2.5. Update notice: https://www.joomplace.com/blog/survey-3-2-5-patch.html...
Payplans 3.6.2
Payplans 3.6.2 and previous, price manipulation. Resolution: update to 3.6.3. Update notice: https://stackideas.com/blog/critical-update-for-payplans-363...
Simgenealogy, 2.1.7, SQL Injection
Simgenealogy by Simbunch.com, 2.1.7 and previous, SQL Injection. Resolution: update to 2.1.8. Update notice: https://www.simbunch.com/blog/183-simgenealogy-critical-security-update-2-1-8...
Realtyna RPL, All versions, SQL Injection and Abandonware
Realtyna RPL, All versions, SQL Injection and abandonware. The developer no longer supports Joomla! The site is still online, but there are redirects to the WordPress version. We asked the developer about the prospect of a security release, and received this reply: It’s almost 2 years that we...
Akeeba Backup, 5.5.1, various issues
Akeeba Backup, versions 5.5.1 and previous, various issues; see developer's site for details. Resolution: update to 5.5.2. Update notice: https://www.akeebabackup.com/component/ars/?view=Itemsid=2732...
Event Registration Pro, 4.1.3, SQL Injection
Event Registration Pro, 4.1.3 and previous, SQL Injection. Resolution: update to version 4.1.4. Update notice: https://www.joomlashowroom.com/blog/event-registration-pro-4-1-4-security-release...
ccNewsletter 2.1.9 and previous, SQL injection
ccNewsletter by Chill Creations, version 2.1.9 and previous, SQL injection. Resolution: update to 2.2.0. Update notice: https://www.chillcreations.com/downloads/ccnewsletter Regrettably, the developer seems to have forgotten to notify the VEL...
LMS King Pro, SQL Injection
LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 lite and 3.2.3.47 pro, SQL Injection. Resolution: update to version 3.2.3.20 lite and 3.2.3.48 pro. Update notice URL: https://www.king-products.net/lms-king.html...
Street Guesser, 1.1.8, SQL Injection
Street Guesser by Nordmograph, version 1.1.8, SQL Injection. Resolution: update to 1.1.13. Update notice: https://www.nordmograph.com/extensions/index.php?option=comvirtuemart=productdetailsproductid=160categoryid=1=58...
LMS King Lite, SQL Injection
LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 lite and 3.2.3.47 pro, SQL Injection. Resolution: update to version 3.2.3.20 lite and 3.2.3.48 pro. Update notice URL: https://www.king-products.net/lms-king.html...
Appointment, v1.1, SQL Injection
Appointment by Harmis Technology (joomlaextensions.co.in), v1.1, SQL Injection...
Calendar Planner 1.0.1 - SQL Injection
Calendar Planner 1.0.1 - SQL Injection. Resolution: update to 1.0.2. Update notice: http://www.joomlathat.com/news/news/calendar-planner/calendar-planner-1-0-2-security-release...
SP Movie Database 1.3, SQL Injection
SP Movie Database version 1.3 by joomshaper.com, SQL Injection. Resolution: update to version 1.4. Update notice: https://www.joomshaper.com/forums/sp-movie-database-component-updated-with-security-and-other-fixes...
Twitch TV 1.1, SQL Injection
Twitch TV version 1.1 by Bharat Koriya aindropsinfotech.com, SQL Injection...
KissGallery 1.0.0, SQL Injection
KissGallery version 1.0.0 by TW Carter, SQL Injection...
Zap Calendar, 4.3.6 and previous, SQL Injection
Zap Calendar, 4.3.6, SQL Injection. Resolution: update to 4.3.7. Update notice URL: https://zcontent.net/support/zapcalendar/265-change-log-for-zap-calendar...
Bye Bye Password, 1.0.4, Information Disclosure
Bye Bye Password by Ready Bytes, versions 1.0.4 and previous, Information Disclosure. Also, the installer includes a tracking script...
Extplorer, 2.1.9 and previous, Directory Traversal
Extplorer, 2.1.9, Directory Traversal. CVE: CVE-2016-4313. Resolution: update to 2.1.10. Update notice: http://extplorer.net/news/21...
[20170901] - Core - Information Disclosure
A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state...
[20170902] - Core - LDAP Information Disclosure
Inadequate escaping in the LDAP authentication plugin can result in the disclosure of username and password...
IJSEO, 3.1.17, SQL Injection
IJSEO from IJoomla, 3.1.17, SQL Injection. Resolution: update to 3.1.18. Update notice: https://seo.ijoomla.com/blog/entry/joomla-iseo-extension-got-important-security-fix-1-1 The issue affects both the commercial Pro and the non-commercial Light versions of the extension. The developer released a...
Cookie consent from silktide, Unknown version, Other
Cookie consent from silktide, Unknown version, Malicious links aka https://cookieconsent.insites.com/download/ When the Cookie Consent plugin by Silktide stopped using Amazon CDN, someone hijacked their Amazon storage and began serving malicious scripts so that sites that still use old version of...
[20180507] - Core - Session deletion race condition
A long running background process, such as remote checks for core or extension updates, could create a race condition where a session which was expected to be destroyed would be recreated...
EasySocial, 2.0.18 and below
EasySocial, 2.0.18 and below. Extension update details: https://stackideas.com/blog/security-update-for-easysocial-2019...
JoomRecipe, 1.0.3, SQL Injection
JoomRecipe, 1.0.3, SQL Injection. Update notice URL: https://www.joomboost.com/blog-updates/entry/joomrecipe-version-1-0-4-security-announcement.html Changelog URL: https://www.joomboost.com/components-changelogs/60-joomrecipe-changelog.html...
[20170703] - Core - XSS Vulnerability
Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components...
Joomla Payage, 2.05, SQL Injection
Joomla Payage, 2.05 and previous, SQL Injection. Resolution: update to 2.0.6. Update notice: http://www.lesarbresdesign.info/version-history/payage...
Vik Rent Car 1.10 and previous
Vik Rent Car 1.10 and previous, SQL injection. Resolution: update to 1.11. Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...
Vik Appointments 1.4 and previous
Vik Appointments 1.4 and previous, SQL Injection. Resolution: update to 1.5. Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...
Vik Rent Items 1.3 and previous
Vik Rent Items 1.3 and previous, SQL injection. Resolution: update to version 1.4. Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...
[20170702] - Core - XSS Vulnerability
Missing CSRF token checks and improper input validation lead to an XSS vulnerability...
HikaShop Business, 3.1.0, SQL Injection
HikaShop Business, 3.1.0, SQL Injection. New version number: 3.1.1. Update notice URL: https://www.hikashop.com/home/blog/373-security-release-for-hikashop-business.html...
AYS Quiz, 1.0, SQL Injection
AYS Quiz, 1.0, SQL Injection...
Kunena 5.0.8 and previous XSS
Kunena 5.0.8 and previous, cross-site scripting (XSS). Resolution: update to 5.0.9. Update notice: https://www.kunena.org/blog/185-kunena-5-0-9-released...
[20171103] - Core - Information Disclosure
A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users...
Extra Search by Joomlaboat, 2.2.8 and previous, SQL Injection
Extra Search by Joomlaboat, 2.2.8 and previous, SQL Injection...
[20170501] - Core - SQL Injection
Inadequate filtering of request data leads to a SQL Injection vulnerability...
Myportfolio, 3.0.2, SQL Injection
Myportfolio, 3.0.2, SQL Injection. Developer statement: new version number 3.0.3. Update notice URL: https://www.samybaxy.net/...
[20170705] - Core - XSS Vulnerability
Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components...
Joomla Modern Booking, 1.0, SQL Injection
Joomla Modern Booking, 1.0, SQL Injection. New version number: 2.0.0. Update notice URL: https://www.unikalus.com/announcements.html...
[20170704] - Core - Installer: Lack of Ownership Verification
The CMS installer application lacked a process to verify the user's ownership of a webspace, potentially allowing users to gain control...
JobGrok, versions 3.1, SQL Injection
JobGrok Listing - V3.1-1.2.58 and prior was vulnerable - comjobgroklist. Resolution: update to V3.1-1.2.59. JobGrok Application - V3.1-1.2.55 and prior was vulnerable - comjobgrokapp. Resolution: update to V3.1-1.2.56. JobGrok Premium - V3.1-1.6.69 and prior was vulnerable - comjobgrok. Resolution:...
Membership Pro and other OS Solution extensions
OS Solution products have fixed an issue in the PayPal payment gateway in five of their extensions and made new releases to fix it: 1. Events Booking version 2.14.2 https://www.joomdonation.com/forum/events-booking-general-discussion/57320-events-booking-version-2-14-2-released.html 2...
[20170403] - Core - XSS Vulnerability
Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components...
Directorix Directory Manager, 1.1.1, SQL Injection
Directorix Directory Manager, 1.1.1, SQL Injection...
OrdaSoft CCK, 2.0.4, SQL Injection
OrdaSoft CCK, 2.0.4, SQL Injection. Resolution: update to 2.0.5. Update notice: http://ordasoft.com/News/News/os-cck-content-construction-kit-for-joomla-security-update.html...