Critical Vulnerability in Joomla Fixed on Zero-day

Yesterday, a serious vulnerability that affects all major Joomla versions was disclosed. Using this security breach a hacker could do a full remote command execution on the targeted site. We have worked together with the Joomla Security teams and came up with a rule in our WAF (web application firewall) that would block hacking attempts using this vulnerability and we don’t have reports for hacked accounts through this exploit.

Shortly after we have patched all our servers, a new version of Joomla has been released. Joomla sites, which have our autoupdate service on, will be updated to that new version today. If you have not switched on the Joomla autoupdates on, we would recommend you to upgrade your application to the latest version of its branch in order to fully patch this vulnerability.