chronoforms and other chronoengine extensions
developer's site was infected with malware, but is now reviewed as "safe" according to Google transparency report.
see https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en#url=chronoengine.com
The VEL do not know of any recent reports of vulnerabilities in the extensions themselves....
Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 (possibly below)
resolution: update to version 2.8.10
update notice: https://securitycheck.protegetuordenador.com/index.php/downloads/securitycheck-j3x
...
kunena,4.0.10,Information Disclosure
Developers update link
JoomDOC,4.0.3 ,Information Disclosure...
Using a quick start package may be the quickest way to get a fully set up , add your content site. but are you aware of the dangers.
we tested several quick starts from major providers ranging from Template developers and extension developers who include a ready to go version of Joomla.
We found that there were varying degrees of insecurities. None of these packages are plug/play/forget.
after35 minutes on friday in the musical roundabout, I Spoke to SIA after 28 minutes on hold, who despite saying they couldn't speak to me as I personally didn't do the online application, admitted that the letter they should have sent me on the 17th May wasn't actually sent.