Right now there’s no machine-readable output format of the vulnerable extensions list. This causes a lot of issues when someone tries to find out, if a specific extension is listed on the VEL or not, because he or she wants to do for example one of the following things:
develop a plugin that automatically sends an email to the site...
If a person follows these few simple rules the majority of site hacks will not happen.
1.) Use a decent hosting provider. Cheap is not necessarily bad, and expensive is not necessarily good. Do your research. Take a few minutes to search for and read comments and reviews left by other users.
2.) If you don't need it for your sites functionality...
Since May 2013 the VEL website has performed brilliantly as a much needed resource for the Joomla community at vel.joomla.org .
With Joomla 2.5 coming up to end of life in December and the vel team attempting to be the champions in keeping up to date, we are about to launch vel3.
After consultation, VEl3 will run the same RSformsPro script but will...
JSN Power Admin,2.3.0,XSS (Cross Site Scripting)
Resolution: update to 2.3.2
Update notice: http://www.joomlashine.com/knowledgeportal/articles/jsn-poweradmin-vulnerability-problem-solved.html
Note that previous security release 2.3.1 is still vulnerable, and should be updated...
Breezing Forms Full before build 884
Breezing Forms Lite before build 912
Information disclosure
Resolution: update to latest version
Update notice: https://crosstec.org/en/blog/859-breezingforms-medium-security-update.html...
Form Maker versions before 3.6.0 XSS
Resolution: update to 3.6.0
Update notice: https://web-dorado.com/products/joomla-form.html...