chronoforms and other chronoengine extensions
developer's site was infected with malware, but is now reviewed as "safe" according to Google transparency report.
The VEL do not know of any recent reports of vulnerabilities in the extensions themselves....
Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 (possibly below)
resolution: update to version 2.8.10
Developers update link
Using a quick start package may be the quickest way to get a fully set up , add your content site. but are you aware of the dangers.
we tested several quick starts from major providers ranging from Template developers and extension developers who include a ready to go version of Joomla.
We found that there were varying degrees of insecurities. None of these packages are plug/play/forget.
after35 minutes on friday in the musical roundabout, I Spoke to SIA after 28 minutes on hold, who despite saying they couldn't speak to me as I personally didn't do the online application, admitted that the letter they should have sent me on the 17th May wasn't actually sent.