-
Security Announcements
Jan 11, 2021 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0 - 3.9.23
Exploit type: Incorrect Access Control
Reported Date: 2020-07-07
Fixed Date: 2021-01-12
CVE Number: CVE-2021-23123
Description: Lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
Affected Installs: Joomla! CMS versions 3.0.0 - 3.9.23
Solution: Upgrade to version[…]
-
Security Announcements
Jan 11, 2021 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.0 - 3.9.23
Exploit type: XSS
Reported Date: 2020-09-01
Fixed Date: 2021-01-12
CVE Number: CVE-2021-23124
Description: Lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
Affected Installs: Joomla! CMS versions 3.9.0 - 3.9.23
Solution: Upgrade to version 3.9.24
Contact: The JSST at the Joomla! Security Centre.
Reported By: Šarūnas[…]
-
Security Announcements
Jan 11, 2021 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.1.0 - 3.9.23
Exploit type: XSS
Reported Date: 2020-09-01
Fixed Date: 2021-01-12
CVE Number: CVE-2021-23125
Description: Lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.
Affected Installs: Joomla! CMS versions 3.1.0 - 3.9.23
Solution: Upgrade to version 3.9.24
Contact: The JSST[…]
-
Blog - JoomlaWorks
Dec 4, 2020 | 16:44 pm
The performance of the default article system in Joomla really sucks big time, that's a well-known fact. It's actually one of the reasons we built K2 in the first place. And as we venture into Joomla 4 territory, instead of seeing[…]
-
Security Announcements
Nov 24, 2020 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.22
Exploit type: Information Disclosure
Reported Date: 2020-06-21
Fixed Date: 2020-11-24
CVE Number: CVE-2020-35610
Description: The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
Affected Installs: Joomla! CMS versions 2.5.0 - 3.9.22
Solution: Upgrade to version 3.9.23
Contact: The JSST at the Joomla![…]
-
Security Announcements
Nov 24, 2020 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.22
Exploit type: Information Disclosure
Reported Date: 2020-09-23
Fixed Date: 2020-11-24
CVE Number: CVE-2020-35611
Description: The global configuration page does not remove secrets from the HTML output, disclosing the current values.
Affected Installs: Joomla! CMS versions 2.5.0 - 3.9.22
Solution: Upgrade to version 3.9.23
Contact: The JSST at the[…]
-
Security Announcements
Nov 24, 2020 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.22
Exploit type: Path traversal
Reported Date: 2020-10-06
Fixed Date: 2020-11-24
CVE Number: CVE-2020-35612
Description: The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Affected Installs: Joomla! CMS versions 2.5.0 - 3.9.22
Solution: Upgrade to version 3.9.23
Contact: The JSST at the Joomla![…]
-
Security Announcements
Nov 24, 2020 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.0.0-3.9.22
Exploit type: SQL Injection
Reported Date: 2020-10-13
Fixed Date: 2020-11-24
CVE Number: CVE-2020-35613
Description: Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
Affected Installs: Joomla! CMS versions 3.0.0 - 3.9.22
Solution: Upgrade to version 3.9.23
Contact: The JSST at[…]
-
Security Announcements
Nov 24, 2020 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.0-3.9.22
Exploit type: User Enumeration
Reported Date: 2020-08-15
Fixed Date: 2020-11-24
CVE Number: CVE-2020-35614
Description: Improper handling of the username leads to a user enumeration attack vector in the backend login page.
Affected Installs: Joomla! CMS versions 3.9.0 - 3.9.22
Solution: Upgrade to version 3.9.23
Contact: The[…]
-
Security Announcements
Nov 24, 2020 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.0-3.9.22
Exploit type: CSRF
Reported Date: 2020-10-08
Fixed Date: 2020-11-24
CVE Number: CVE-2020-35615
Description: A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
Affected Installs: Joomla! CMS versions 3.9.0 - 3.9.22
Solution: Upgrade to version 3.9.23
Contact: The JSST at the Joomla![…]
-
Security Announcements
Nov 24, 2020 | 13:00 pm
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 1.7.0 - 3.9.22
Exploit type: ACL Violation
Reported Date: 2018-11-04
Fixed Date: 2020-11-24
CVE Number: CVE-2020-35616
Description: Lack of input validation while handling ACL rulesets can cause write ACL violations.
Affected Installs: Joomla! CMS versions 1.7.0 - 3.9.22
Solution: Upgrade to version 3.9.23
Contact: The JSST at the[…]
-
Vulnerable Extensions
Nov 4, 2020 | 21:51 pm
publisher, 3.0.19, 3rd party extension, XSS (Cross Site Scripting)
-
Vulnerable Extensions
Oct 20, 2020 | 09:12 am
paGO Commerce, 2.5.9.0, 3rd party extension, SQL Injection
-
Blog - JoomlaWorks
Sep 14, 2020 | 17:28 pm
The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general. Here's what's been added or changed in the K2 Plugin[…]
-
Updated Extensions - JoomlaWorks
Sep 14, 2020 | 17:28 pm
A plugin for supporting K2 in sh404SEF. Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options. Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]
-
Vulnerable Extensions
Sep 13, 2020 | 21:14 pm
Social Chat, 1.5 and Below, 3rd party extension, SQL Injection Iacopo Guarneri
-
Updated Extensions - JoomlaWorks
Jul 22, 2020 | 16:40 pm
SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration. Features: Let your users register to your website[…]
-
Updated Extensions - JoomlaWorks
Jun 11, 2020 | 17:24 pm
NEW VERSION 3.8 released in June 2020! Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]
-
Blog - JoomlaWorks
Jun 10, 2020 | 15:51 pm
Simple Image Gallery Pro v3.8.0 is now available to download for subscribers. This new release improves upon existing features, extends Flickr support to galleries (beyond albums/sets) and adds PHP 7.4 & Postgres compatibility. Here's what's been added or changed in Simple Image[…]
-
Updated Extensions - JoomlaWorks
May 22, 2020 | 14:22 pm
AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website. Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion, Twitch,[…]
-
Blog - JoomlaWorks
May 22, 2020 | 14:13 pm
Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4. Here's what's been added or changed in this new release of AllVideos: Added support for Mixcloud embeds. Just use the pattern[…]
-
Updated Extensions - JoomlaWorks
Apr 29, 2020 | 22:47 pm
K2 is the popular, powerful content extension for Joomla with CCK-like features. It provides an out-of-the-box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]
-
blog
Apr 29, 2020 | 20:21 pm
K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-side (frontend) caching & resolves broken auto-generated feeds[…]
-
Vulnerable Extensions
Apr 9, 2020 | 21:37 pm
hwdplayer, 4.2, SQL Injection. Possible abandonware also.
-
Blog - JoomlaWorks
Feb 12, 2020 | 09:58 am
I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…]
-
Updated Extensions - JoomlaWorks
Jan 28, 2020 | 19:37 pm
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]
-
Blog - JoomlaWorks
Jan 28, 2020 | 18:30 pm
Simple Image Gallery (free) version 4.1.0 is now available to download. This is a maintenance release. Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.1.0: Allow the plugin to accept WEBP images as source images[…]
-
Blog - JoomlaWorks
Jan 17, 2020 | 17:26 pm
Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release. Here's what's been added or changed in this new release of AllVideos: Fully compatible with the upcoming Joomla[…]
-
Blog - JoomlaWorks
Jan 11, 2020 | 18:13 pm
Simple Image Gallery (free) version 4.0.0 is now available to download. This marks our first extension update that supports the upcoming Joomla version 4 (currently in "beta"). Here's what's been added or changed in Simple Image Gallery (free) with the release[…]
-
Blog - JoomlaWorks
Jan 8, 2020 | 19:37 pm
RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release. Here's what's been added or changed in RadioWave with the release of v1.2.0: Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…]
-
Blog - JoomlaWorks
Jan 7, 2020 | 16:12 pm
SocialConnect v1.10.0 is now available to download for subscribers. This new release improves compatibility with recent API changes in Facebook and LinkedIn. Here's what's been added or changed in SocialConnect with the release of v1.10.0: Facebook authorization in SocialConnect's settings will now[…]
-
blog
Dec 11, 2019 | 22:02 pm
K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…]
-
blog
Dec 8, 2019 | 16:05 pm
As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED). We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…]
-
Updated Extensions - JoomlaWorks
Dec 5, 2019 | 12:49 pm
Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…]
-
blog
Nov 26, 2019 | 18:17 pm
K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…]
-
blog
Nov 15, 2019 | 01:04 am
K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere. To install K2 for[…]
-
Updated Extensions - JoomlaWorks
Feb 2, 2019 | 17:05 pm
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…]
-
blog
Sep 21, 2018 | 16:14 pm
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall. To install K2 for the first time or update your existing[…]
-
Updated Extensions - JoomlaWorks
Sep 21, 2018 | 11:52 am
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…]
-
Vulnerable Extensions
Mar 30, 2018 | 13:30 pm
Rapicode, multiple extensions, current versions, back door. Extensions affected are: Rapi Content Ticker, Rapi Content Carousel, Rapi Cookie Consent, Rapi Countdown, Rapi Preloader, Rapi Loading Progress Bar, Rapi Page Animate. At the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]
-
Vulnerable Extensions
Mar 15, 2018 | 17:48 pm
Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection
-
Vulnerable Extensions
Mar 8, 2018 | 11:25 am
Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection
-
Vulnerable Extensions
Mar 7, 2018 | 23:41 pm
File Download Tracker by techsolsystem.com, 3.0, SQL Injection
-
Vulnerable Extensions
Mar 7, 2018 | 11:04 am
SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection
-
Vulnerable Extensions
Mar 5, 2018 | 10:08 am
JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection
-
blog
Aug 18, 2017 | 12:59 pm
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]
-
blog
Aug 4, 2016 | 01:12 am
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security. To install K2 for the first time or update your existing K2[…]
-
blog
Mar 18, 2016 | 05:26 am
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]
-
blog
Aug 31, 2015 | 16:14 pm
(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :) We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…]