The new vulnerable extensions list has been released into the wild today. Based at the https://docs.joomla.org/Vulnerable_Extensions_List

The announcement has been made in both the extensions forum and the documentation forum for maximum exposure.

Why has this list been produced?

We find that most users "install and forget" They may upgrade the latest Joomla! version, but dont always update the extensions.

This has replaced the old, seldom updated list that has now been archived.
Reports of vulnerable extensions can be reported to the JED http://extensions.joomla.org/ or posted in a security topic clearly showing a vulnerable extension report.

How to use this list

• All known extensions are the listed in the first column.
• "Alert Advisory" details in the centre column (the date is in American format mm/dd/yyyy).
• The link to the advisory notice.
• Finally a link to the notice about any update or Not Known where none is known.

Any developer who has cleared the vulnerability or discontinued the extension should let us know so that we can mark it on the list. Preferably in the extensions forum topic.

Users, after checking the version of the extension they have installed, please check with the extension publisher in case of any questions over the security of their product if no update link is provided.

This list is compiled from found information and may not be an up to date accurate list. following feedback from people, items will be removed after a suitable period and not on resolution of the vulnerability as some people may still be using old extensions years beyond their shelf life.

Remember, just because its fixed, doesnt mean its not out there or we know about it!

Thank you.