What is a vulnerable Joomla! extension?

In the last two weeks I have received three separate emails resulting from my subscription to the Joomla! Project's Vulnerable Extension List.

If you are a keen Joomler then I recommend subscribing to this list.

For the most part it refers to obscure extensions that only the most experimental will try using.

But it just occasionally highlights a vulnerability in one of the more popular extensions.

Are all Joomla! 2.5 extensions vulnerable?

A year ago the Joomla! Extension Directory de-listed all extensions not compatible with the Joomla! 3 CMS.

And whilst some extension developers continue to support Joomla! 2.5, the runes show that there won't be any by 2017.

For example: Alledia, a developer of some very useful extensions, withdrew support for Joomla! 2.5 in May 2016.

Alledia has recently taken over development of several extensions previously developed by others:

XMap site map extension development was taken over in 2015,
JW's Tabs & Sliders extension development was taken over in May 2016,
JCal Pro development was taken over in August 2016.

If you use Joomla! 2.5 with one or more of these extensions, you should not expect any new extension releases (bug fix or security) that are compatible with your website.

You will need to upgrade to Joomla! 3 to take advantage of new extension releases.

Joomla! 2.5 is now a zombie CMS

ALL Joomla! 2.5 extensions should be considered vulnerable because of the withdrawal of developer support.

The hackerists have been circling Joomla! 2.5 for months.

The old 2.5 CMS is a leaky boat.

Every 3rd party extension used by it should be considered a potential hole.

It is time to stop bailing and time to jump ship.

It is time to upgrade to Joomla! 3.

WYNCHCO Joomla! CMS Support

We coach, help and support managers with responsibility for Joomla! websites in organisations across Cheshire, Manchester, Merseyside, North West England & the UK.

Details: Last Updated: 29 May 2019