• Joomla!®
    • About us
    • Joomla Home
    • What is Joomla?
    • Benefits & Features
    • Project & Leadership
    • Trademark & Licensing
    • Support us
    • Contribute
    • Sponsor
    • Partner
    • Shop
  • Download & Extend
    • Downloads
    • Extensions
    • Languages
    • Get a free site
  • Discover & Learn
    • Documentation
    • Training
    • Certification
    • Site Showcase
    • Announcements
    • Blogs
    • Magazine
  • Community & Support
    • Community Portal
    • Events
    • User Groups
    • Forum
    • Resources Directory
    • Find Hosting
    • Volunteers Portal
    • Vulnerable Extensions List
  • Developer Resources
    • Developer Network
    • Security Centre
    • Issue Tracker
    • GitHub
    • API Documentation
    • Joomla! Framework
    • JoomlaCode

Joomla! Extensions Directory™

Download
Launch
  • Home
  • Browse Extensions
    • Top Rated
    • Most Reviewed
    • New
    • Recently Updated
    • Compatible with J4
  • Search
  • Community
    • Meet the JED Team
    • Blog
    • JED Newsletter
    • Terms of Service
    • Help Joomla!
  • Support
    • Knowledgebase
    • Sponsor Joomla!
  • Vulnerable Extensions
    • About
    • Vulnerable Extensions
    • Resolved Extensions
    • Abandoned Extensions
    • Submit a Report
    • Submit an Update
    • Submit AbandonWare
    • JSON Feed
  • Log in
  • Register
  • Home
  • Vulnerable Extensions
  • Vulnerable Extensions

Vulnerable Extensions

This category lists vulnerable extensions for which no patch is known to  exists. You are recommended to uninstall any listed here from your site. Patched extensions are moved to the Resolved category.

Filters
List of articles in category Vulnerable Extensions
Title Published Date
J-Hotel Portal,6.0.2,SQL Injection 16 March 2017
Smart related articles ,1.1,SQL Injection and XSS 14 March 2017
Most Wanted Real Estate,1.1.0,SQL Injection 13 March 2017
Google Map Store Locator by Matamko,4.0,SQL Injection 13 March 2017
PayPal IPN for DOCman by shopfiles.com,3.1,SQL Injection 13 March 2017
Eventix Events Calendar by Informafix,1.0,SQL Injection 10 March 2017
Magic Deals Web by Jason Web Design,1.2.0,SQL Injection 10 March 2017
MultiTier,3.1,SQL Injection 08 March 2017
Coupon manager,3.5,SQL Injection 06 March 2017
guesser,1.0.4,SQL Injection 06 March 2017

Page 6 of 24

  • 1
  • 2
  • 3
  • ...
  • 5
  • 6
  • 7
  • 8
  • 9
  • ...
VEL Search

Vulnerable Extensions
  • LivingWord, , XSS (Cross Site Scripting)
  • Plugin Creative Gallery , , SQL Injection
  • Proforms Basic via sort_order parameter, , SQL Injection
  • Virtual Classroom, , SQL Injection
  • EXTPLORER, 2.1.15, XSS (Cross Site Scripting)
  • LM-CUSTOM-ADMIN, , Other
  • admirror gallery, , XSS (Cross Site Scripting)
  • Proforms Basic Joomla Module, , Other
  • bagallery , , Other
  • acymailing, pre 8.7.0 , Other
Resolved Extensions
  • Solidres, 2.13.3, XSS (Cross Site Scripting)
  • Edocman 1.24.7 - XSS issue fixed
  • quickform, , Other
  • JC Dashboards, 1.3.10, Other
  • HikaShop, Versions from 4.4.1 to 4.7.2 are affected, SQL Injection
  • HikaShop Joomla Plugin, , SQL Injection
  • Visforms Base Package for Joomla!, 3.14.10, SQL Injection
  • J-BusinessDirectory, 5.7.7 and prior, Other
  • LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login , 5.0.2, Other
  • jCart for OpenCart, jCart for OpenCart 3.0.3.19, XSS (Cross Site Scripting)

  • Joomla! on Twitter
  • Joomla! on Facebook
  • Joomla! on YouTube
  • Joomla! on LinkedIn
  • Joomla! on Pinterest
  • Joomla! on Instagram
  • Joomla! on GitHub
  • Home
  • About
  • Community
  • Forum
  • Extensions
  • Resources
  • Docs
  • Developer
  • Shop
  • Accessibility Statement
  • Privacy Policy
  • Sponsor Joomla! with $5
  • Help Translate
  • Report an Issue
  • Log in

© 2005 - 2023 Open Source Matters, Inc. All Rights Reserved.

Rochen
Joomla! Hosting by Rochen
× We have detected that you are using an ad blocker. The Joomla! Project relies on revenue from these advertisements so please consider disabling the ad blocker for this domain.