More Bad News for Joomla

Posted on May 23, 2018 in Blog, Joomla, Web Security

Joomla Security Update

If you own a Joomla website, and you care about how Joomla security issues are affecting your web visitors and your own organization, you can’t afford to NOT READ this article!

Owners of Joomla websites and many WordPress website owners got security update emails this morning.

OK, nothing new about that, but..

But what a difference in those messages!


Inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.7


Upgrade to WordPress

That was the heart of the Joomla message. (OK, I’m being a little cheeky with the “Upgrade” part!)

Now, here’s the WordPress security “alert” –


#43285 – Loosen the admin referrer policy header value to allow the referring host to be sent from the admin area in all cases

WordPress is saying that their security was a bit too tight and they needed to allow more leeway on referring host!

“Joomla Security” – an Oxymoron?

The really sad part of this is just how long Joomla is admitting that this security vulnerability has existed – since January 22, 2008*!

*(Click link to view Joomla 1.5 version history page)

Put that in your head for a moment!  Joomla is admitting they’ve had a security vulnerability for more than ten years, that they’ve just now discovered.

This comes just a couple months after Joomla admitted another, even more serious Joomla security vulnerability that took them two years to discover!

The bottom line is that Joomla developers are discovering security problems after those security issues have existed for years.

Have no doubt that hundreds, if not thousands of hackers discovered those issues long before Joomla’s developers did.

What this Means to You

If you run a Joomla website, it’s likely your site has been compromised, even if you are unaware. Such a compromise could be costing you dearly in search engine rankings and website responsiveness, and could expose you and your Joomla website visitors to harm.

As I’ve said several times before, Joomla’s developers have always turned a blind eye toward website security issues, but it’s even worse now that their ranks have seriously thinned with many developers moving to other platforms – namely WordPress.

The CMS wars are over.  Joomla and the others have lost to WordPress.  WordPress has the most CMS developers, the most website security experts and the most users.

Hiring a WordPress developer is easier and cheaper than hiring a Joomla developer. Not only that, but your WordPress developer is probably more savvy and experienced than your Joomla web developer because the smart web developers moved off to WordPress two or more years ago!

Moving or converting your Joomla website to WordPress doesn’t have to be expensive or an epic project.  Chances are, we can help you get it done in just a week or less and from as little as $99.

If you’re thinking of moving from Joomla to WordPress, check out our sister site –

..then let’s talk!