Security · 1h ago
Joomla extensions with perfect 10 CVSS scores exploited in the wild
Attackers are exploiting two critical vulnerabilities in iCagenda and Balbooa Forms extensions for Joomla, each carrying a CVSS score of 10. The flaws allow remote code execution on sites running the open-source CMS, which powers over a million websites globally. Administrators are urged to patch immediately.
Meridian48 take
While the perfect CVSS score grabs attention, the real story is how third-party extensions remain a weak link in CMS security, often overlooked by site owners.
Read the full reporting
Baddies caught exploiting extensions bugs with perfect 10 scores on vulnerable Joomla websites →
The Register
joomlacms-security