Why does the Extensions site include insecure extensions?
From Joomla! Documentation
Revision as of 20:51, 8 May 2010 by Horus 68
The site Joomla! Extensions Directory (JED) exists as a free service to the community. Anyone can post extensions there and extensions exist at all levels of quality and maturity.
If an extension is found to contain vulnerabilities, it will be removed from the site until a safer version is released, but there is no guarantee that the vulnerabilities of every extension have been discovered or reported.
You can find here the VEL Vulnerable Extensions List. This list the extensions with know vulnerabilities.
To be safe, you must verify the security of every extension you install.
Below is the text of the Joomla! Extensions site disclaimer. Ignore it at your peril.
- The extensions and reviews listed in this area have been submitted by the community and their listing does not constitute or imply endorsement, recommendation, or favouring by Joomla!/OSM.
- This content is provided as a free service to our visitors, and, as such, Joomla!/OSM cannot be held liable for the accuracy of the information. Visitors wishing to verify that the information is correct should contact the parties responsible for authoring the content and/or development of the extension.