Joomla updates (1.5.26 and 2.5.4)

If you are using Joomla, now is a good time to check if your sites are updated. Some (high severity) vulnerabilities were fixed in the latest release, especially if you are still on the 1.5.x branch.

For 1.5.26:

High Priority – Core – Password Change Vulnerability.
Low Priority – Core – Information Disclosure.

For 2.5.4:

Low Priority – Core – Information Disclosure.
Low Priority – Core – XSS Vulnerability.

Version 2.5.3 (released 2 weeks ago) also contains multiple security fixes, so if you haven’t updated your sites lately, you better check them asap.

More details on their release notes for 1.5.26 and for 2.5.4.

*Remember, the leading cause for web site compromises is outdated software! So as a web site owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

2 comments

Rommel Castro says:
April 24, 2012 at 10:18 pm
is people stills using joomla?
Tom says:
September 17, 2012 at 3:46 pm
why ask? what are you using now?

Comments are closed.

Hacked Website Report – 2016/Q1

Daniel Cid
May 18, 2016

Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our…

Read the Post

The Impacts of a Data Breach

Juliana Lewis
May 15, 2018

Have you ever wondered what happens if your e-commerce site is breached? Usually, when you think about data breaches, you think about big enterprise websites.…

Read the Post

Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug

Northon Torga
March 4, 2020

Imagine receiving a TLS warning on your browser every time you visit your website for 60 days straight. Definitely not an ideal situation and you…

Read the Post

DDoS Targeting WordPress Search

Northon Torga
April 8, 2019

Have you ever stopped to think about how many resources a search engine has or if your website could handle the same amount of search…

Read the Post

Joomla admin login bypass – set your UA for full admin access

Yuliyan Tsvetkov
February 1, 2017

Every day we analyse hundreds of new malicious files. Some of them are simple backdoors, injected iframes, or one liner defacements. Another type of malware,…

Read the Post

New Non-HTTPS Websites Blacklisted for Phishy Password Practices

Cesar Anjos
May 26, 2017

We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that…

Read the Post

Stored XSS in Elementor

Marc-Alexandre Montpas
January 29, 2020

During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers…

Read the Post

How APIs Can Streamline Your Operations

Victor Santoyo
June 5, 2018

Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens, even hundreds of web…

Read the Post

AccessPress Themes Hit With Targeted Supply Chain Attack

Ben Martin
January 20, 2022

Security researchers at Automattic recently reported that the popular WordPress plugin and theme authors AccessPress were compromised and their software replaced with backdoored versions. The…

Read the Post

UCEPROTECT Scam: When RBLs Go Bad

Marc Kranat
February 12, 2021

What is a Realtime Blackhole List (RBL)? A Realtime Blackhole List (RBL) contains lists of email servers, domain names, and IP addresses that are associated…

Read the Post

2 comments

Related Categories

You May Also Like