Vulnerable extensions

The Joomla! Vulnerable Extensions List. Please check with the extension publisher in case of any questions over the security of their product.
  1. hwdplayer,4.2,SQL Injection

    Possible abandonware also

  2. Rapicode, multiple extensions, current versions, back door

    Extensions affected are:

    • Rapi Content Ticker
    • Rapi Content Carousel
    • Rapi Cookie Consent
    • Rapi Countdown
    • Rapi Preloader
    • Rapi Loading Progress Bar
    • Rapi Page Animate

    At the moment the back door seems to be loading mining code; it can be used to load arbitrary scripts or other content from the developer's site.

    We suggest that the extensions be treated as malicious and uninstalled.

    Note that their other extensions may be affected too; we have not had the opportunity to test them all. If you are using them, we suggest checking the code for any curl request to, or using your browser tools to check for any unexpected scripts being loaded.

  3. Google Map Landkarten from, versions 4.2.3 and previous, SQL Injection

  4. Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

  5. File Download Tracker by, 3.0, SQL Injection

  6. SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection

  7. JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection

  8. JS Autoz by, 1.0.9 and previous, SQL Injection

  9. Realpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection

  10. Joomla! Pinterest Clone Social Pinboard from, 2.0, multiple SQL Injection vulnerabilities
