The latest version of the Joomla! 3.x series was released on March 12, 2019. Version 3.9.4 addresses four security flaws and 28 bug fixes, which includes a high-priority access level vulnerability. Three of the four security flaws are cross-site scripting (XSS) vulnerabilities, which have been identified and resolved in this latest security release. Joomla! users are urged to install 3.9.4 as soon as possible to circumvent any possible security exploits related to this latest security flaw.

Security Vulnerabilities Resolved

  • Access level vulnerability due to missing ACL check in the sample data plugins can lead to a remote unauthenticated attacker exploiting this high-priority vulnerability.

  • Cross-site scripting XSS vulnerabilities were found with the media form filed and item_title not escaping properly.

  • Cross-site XSS vulnerability found in the com_config JSON handler lacks input validation.

For a full list of bug fixes, visit Joomla!’s GitHub.

Joomla! sites protected by SiteLock INFINITY will have these patches applied automatically when their next automated scan runs. Download the latest version of Joomla! today to take advantage of the latest security updates.

If you would like to protect your Joomla! site with automated malware removal and core CMS vulnerability patching, contact SiteLock today and ask about INFINITY. We’re available 24/7 via phone, email, or live chat to help.