Another Major Joomla Zero Day Exploit, Update Required

If you use Joomla, there is yet another critical vulnerability and this one is racing through the wild. An immediate update is required for all versions of Joomla.

According to Sucuri, they began noticing the exploit on December 12th, and it has been running wild through Joomla sites. They noted yesterday that “the wave of attacks is even bigger, with basically every site and honeypot we have being attacked. That means that probably every other Joomla site out there is being targeted as well.”

For those using Joomla 3.x, there is a patch now available. The version that patches this exploit is version 3.4.6. However, with how widespread this attack is, it is likely many Joomla installs were exploited during the two days prior to the patch becoming available.

This is the second major vulnerability found in Joomla in the last few months. In October, there was a SQL injection vulnerability that was so significant, Joomla preannounced that a patch would be available to fix it.

Bio
Latest Posts

Jennifer Slegg

Founder & Editor at The SEM Post

Jennifer Slegg is a longtime speaker and expert in search engine marketing, working in the industry for almost 20 years. When she isn't sitting at her desk writing and working, she can be found grabbing a latte at her local Starbucks or planning her next trip to Disneyland. She regularly speaks at Pubcon, SMX, State of Search, Brighton SEO and more, and has been presenting at conferences for over a decade.

Latest posts by Jennifer Slegg (see all)

2022 Update for Google Quality Rater Guidelines – Big YMYL Updates - August 1, 2022
Google Quality Rater Guidelines: The Low Quality 2021 Update - October 19, 2021
Rethinking Affiliate Sites With Google’s Product Review Update - April 23, 2021
New Google Quality Rater Guidelines, Update Adds Emphasis on Needs Met - October 16, 2020
Google Updates Experiment Statistics for Quality Raters - October 6, 2020

Google Adds Entity Disambiguation to Search Box for Many Keywords »

« Yes, gTLDs Can Rank Just as Well as .com Domains in Google

Jennifer Slegg :Jennifer Slegg is a longtime speaker and expert in search engine marketing, working in the industry for almost 20 years. When she isn't sitting at her desk writing and working, she can be found grabbing a latte at her local Starbucks or planning her next trip to Disneyland. She regularly speaks at Pubcon, SMX, State of Search, Brighton SEO and more, and has been presenting at conferences for over a decade.

75% of Site Owners Cleaned Up Hacked Sites After Google Notification
Google released some interesting data on hacked sites and their attempts to notify webmasters that…
Which Manual Action Notice Does Google Send the Most?
Google has been sending out a wide variety of manual actions to webmasters for several…
Google Adds New HTTPS Transparency Report
Google has added a new section to their Transparency Report to cover how much traffic…