Exposure of Joomla

CMS
393 exposure score
100,048 sites use
2 exploited
24 critical

CVEs

216 results
CVE-2023-23752  MEDIUM  [20230201] - Core - Improper access check in webservice endpoints  (EPSS 99.8%, KEV)
CVE-2026-48907  CRITICAL  Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5  (EPSS 80.4%, KEV)
CVE-2021-26030  [20210401] - Core - Escape xss in logo parameter error pages  (EPSS 82.4%)
CVE-2021-23124  [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute  (EPSS 81.2%)
CVE-2024-21726  MEDIUM  [20240205] - Core - Inadequate content filtering within the filter code  (EPSS 48.8%)
CVE-2024-21725  MEDIUM  [20240204] - Core - XSS in mail address outputs  (EPSS 32.2%)
CVE-2020-35613  [20201104] - Core - SQL injection in com_users list view  (EPSS 28.4%)
CVE-2012-1563  Joomla! before 2.5.3 allows Admin Account Creation.  (EPSS 8.9%)
CVE-2025-22206  MEDIUM  Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla  (EPSS 8.7%)
CVE-2021-23132  [20210306] - Core - com_media allowed paths that are not intended for image uploads  (EPSS 6.5%)
CVE-2020-35616  [20201107] - Core - Write ACL violation in multiple core views  (EPSS 6.1%)
CVE-2025-49484  HIGH  Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla  (EPSS 3.1%)
CVE-2022-23793  [20220301] - Core - Zip Slip within the Tar extractor  (EPSS 2.0%)
CVE-2023-28731  CRITICAL  Unauthenticated RCE affecting the AcyMailing plugin for Joomla  (EPSS 1.8%)
CVE-2013-3932  SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Busine  (EPSS 1.8%)
CVE-2011-1151  Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.  (EPSS 1.7%)
CVE-2020-35612  [20201103] - Core - Path traversal in mod_random_image  (EPSS 1.6%)
CVE-2021-23128  [20210302] - Core - Potential Insecure FOFEncryptRandval  (EPSS 1.6%)
CVE-2021-23127  [20210301] - Core - Insecure randomness within 2FA secret generation  (EPSS 1.6%)
CVE-2011-4937  Joomla! 1.7.1 has core information disclosure due to inadequate error checking.  (EPSS 1.6%)
