Last week, Joomla! released version 3.8.13, which includes five security updates for the Joomla! 3.x series. All five vulnerabilities are in the Joomla! application core. Although all of them are considered low priority, Joomla! is encouraging users to update as soon as possible to avoid a compromise resulting from their exploitation. The following vulnerabilities were addressed:
- Vulnerability in the com_contact component that allowed submissions even on disabled forms
- Arbitrary code execution vulnerability in the com_joomlaupdate component that allowed users to trigger code execution
- Access level vulnerability in the com_tags component that could lead to malicious code execution
- Email vulnerability in the com_users component that would have allowed someone with an admin user’s email address to process account verifications without intervention
- Low-priority CSRF vulnerability in the com_installer component
Joomla! notes that although version 3.8.x is no longer in active development while the project prepares to release Joomla! 3.9, it has opted to release these security fixes now, giving website owners time to check extensions and themes before upgrading to the newest full version.
No other bug fixes were included in this release. SiteLock INFINITY users will have their Joomla! applications patched on their next automated scan. Joomla! users should begin preparing for the release of version 3.9 by checking their extensions, plugins, and themes.