Joomla! Documentation - Vulnerable Extensions List

civic crm 422

upload exploit /RFI 260413 developer http://civicrm.org/category/civicrm-blog-categories/civicrm-v43 release 4.3.1

alfcontact

xss 230413 developer release statement on ALFContact v2.0.8 for J!2.5 ALFContact v3.1.4 for J!3

aiContactSafe 2.0.19

xss 160413 developer release statement for version 2.0.21

RSfiles

SQL 180313 developer release statement for version 12

Multiple Customfields Filter for Virtuemart

SQLi 18212 developers 1.6.8 update statement

Collector

Various [steevo.fr] 230113 developer update statement to 0.5.1

tz guestbook

Various 100113 developer release statement for 1.1.2

extplorer

2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 are vulnerable to an authentication bypass 251212 developer update to 2.1.3 statement

JooProperty

SQLi 101212 developer release new version 1.13.1 - upgrade notice

Multiple Customfields Filter for Virtuemart

SQLi 18212 developers update statement

ag google analytic

Various 061212

sh404sef <3.7.0

Undisclosed sh404SEF 3.4.x, 3.5.x, 3.6.x for Joomla 2.5 26112 developer statement

Login Failed Log

23112 ID - information disclosure developer release statement to ver 1.5.4

jNews

131112 developer update statement to version 7.9.1 151112

Joombah Jobs

Upload restriction issues 131112 developer update statement

commedia

RFI 231012 developer update statement to version 3.2 271012

Kunena

SQLi + ID 221012 Developer states current version not exploitable by reported methods

Icagenda

SQLi Developer statement for 1.2.9

JTag [joomlatag]

SQLi

Freestyle Support

SQLi developer update statement 251012

ACEFTP

DT 011012 AceFTP 2.0.0 released. Developer statement 101012

MijoFTP

DT 011012 *reported fixed prior to notification*

spider calendar lite

RFI 180912 developer release version 1.5 version

RokModule

SQLi Rereported 180912 Developer states: no known exploits for our current versions of RokModule Joomla 2.5 - v1.3 Joomla 1.5 - v1.4

ICagenda

SQLi developer security release - v1.2.1 080912

En Masse cart

RFI 060812 Developer upgrade statement to 3.1.3

JCE (joomla content editor)

Upload Restriction <2.2.4 050812 Developer states current version not exploitable

RSGallery2

SQLi XSS 31 07 12 Devleoper statement versions 3.2.0 for Joomla 2.5 and version 2.3.0 for Joomla 1.5 released

osproperty

Unrestricted uploads 160712 Developer release version 2.0.3 180712

KSAdvertiser

RFI 160712 The security update version 1.5.72 advise can be found here:

German English

Shipping by State for Virtuemart

elevated permissions (http://web-expert.gr/en) 160612 Upgrade to v2.5 download commercial product 300612

ownbiblio 1.5.3

SQLi + 250512

Ninjaxplorer <=1.0.6

developer notification 250412 developer statement upgrade to 1.0.7

Phoca Fav Icon

Permissions Rewrite 150412 developer update 2.0.3 statement

estateagent improved

sqli (eaimproved.eu) 110412 developer states previous version, not current version

bearleague

110412 sql (no longer maintained)

JLive! Chat v4.3.1

DT 060412 Developer reports as unproven

virtuemart 2.0.2

SQLi 050412 developers release statementCurrent version 2.0.6 released

JE testimonial

SQLi 230312 Developer states malicious report.

JaggyBlog

excessive file permission 090212 version 1.3.1 released

Quickl Form

xss 260112

com_advert

sqli - unknown developer 240112

Joomla Discussions Component

sqli 180112 Discussions 1.4.1 released developer statement

HD Video Share (contushdvideoshare)

sqli 180112 updated version 2.2

Simple File Upload 1.3

RFI 010112 Developer update statement to 1.3.5

Simple File Upload 1.3

RFI 010112 Developer update statement to 1.3.5

Dshop

sqli (possibly dhrusya.com) 201111

QContacts 1.0.6

sqli 131211

Jobprofile 1.0

SQL Injection Vulnerability 051211

JX Finder 2.0.1

XSS Vulnerabilities 011211

wdbanners

Unknown Exploit 301111

JB Captify Content J1.5 and J1.7

Security checks missing -Versions prior to JB_mod_captifyContent_J1.5_J1.7_1.0.1.zip 141111 All extensions available on the site have been updated and this potential security issue has been resolved.

JB Microblog

Security checks missing - J1.7 only. Versions prior to 1.10.3 14111 All extensions available on the [joomlabamboo.com site have been updated] and this potential security issue has been resolved.

JB Slideshow <3.5.1,

Security checks missing 141111 All extensions available on the [joomlabamboo.com site have been updated] and this potential security issue has been resolved.

JB Bamboobox

Security checks missing - J1.5 all versions prior to 1.2.2 141111 All extensions available on the [joomlabamboo.com site have been updated] and this potential security issue has been resolved.

RokModule

SQLI - exploits RokStock RokWeather RokNewspager 121111 developer release statement RokModule v1.3 for Joomla 1.7 RokModule v1.4 for Joomla 1.5

hm community

Multiple Vulnerabilities 011111 developer release 1.01

Alameda

SQLi 01111 developer statement and Latest version number v1.0.1.

Techfolio 1.0

Techfolio 1.0 SQLI 291011

Barter Sites 1.3

Barter Sites 1.3 SQL Injection & Persistent XSS vulnerabilities 291011 developer release 1.3.1

Jeema SMS 3.2

Jeema SMS 3.2 Multiple Vulnerabilities 291011 developer resolution notice for 3.5.2

Vik Real Estate 1.0

Vik Real Estate 1.0 Multiple Blind SqlI 291011

yj contact

LFI (youjoomla contact) 241011 developer update statement 261011

NoNumber Framework

Advanced Module Manager * AdminBar Docker * Add to Menu * Articles Anywhere * What? Nothing!* Tooltips* Tabber* Sourcerer* Slider* Timed Styles* Modules Anywhere* Modalizer* ReReplacer* Snippets* DB Replacer* CustoMenu* Content Templater* CDN for Joomla!* Cache Cleaner* Better Preview 181011 see http://feeds.feedburner.com/nonumber/news for updates of various extensions