Joomla users must ensure that they receive the latest update as the platform fixes numerous security vulnerabilities. One of these includes a severe code execution vulnerability.
Joomla Fixes Numerous Security Vulnerabilities
According to a recent advisory, Joomla developers addressed five vulnerabilities with the latest CMS update, calling it a “security and bug fix” release. These include the following.
- CVE-2024-21722: A low-severity vulnerability due to improperly terminating existing user sessions during MFA changes.
- CVE-2024-21723: A low-severity open redirect vulnerability that existed due to inadequate parsing of URLs.
- CVE-2024-21724: A moderate severity cross-site scripting (XSS) vulnerability that could affect extensions due to improper input validation for media selection fields.
- CVE-2024-21725: Another cross-site scripting vulnerability that existed due to inadequate escaping of mail addresses. Given the nature of the exploit which could lead to remote code execution, this vulnerability achieved a high severity rating.
- CVE-2024-21726: A moderate severity cross-site scripting vulnerability that could affect various components due to inadequate content filtering.
These vulnerabilities affected different Joomla versions, which the developers patched with Joomla 4.4.3 and 5.0.3 releases. Besides, for Joomla version 3.x users, the update 3.10.14-elts arrived as a security update, carrying all bug fixes.
While the platform addressed the security vulnerabilities for all Joomla releases, users are still advised to upgrade to Joomla 5.0.3 as it also includes new features.
Joomla is an open-source content management system (CMS) that facilitates organizations, small companies, web agencies, and e-stores in setting up their websites and online apps without hassle.
Given its free availability, user-friendly interface, and seamless compatibility with Microsoft Windows and Unix-like systems alike, Joomla attracts a huge user base from around the world. Consequently, any security vulnerabilities in the platform directly risk a large number of users worldwide. Hence, Joomla users must ensure updating their sites with the latest security releases to receive all bug fixes in time and avoid potential threats.
Let us know your thoughts in the comments.