blog

Critical vulnerability in the famous Kunena forum component for Joomla! were announced three days ago and a new version of the component that addresses the issue was released. According to the official Kunena blog post all extension that are not updated to the latest version are vulnerable and the attackers may use XSS and SQL injection to gain full access to a Joomla! site.

Immediately after the Kunena team tweeted about the issue SiteGround security team took rapid actions to protect all customers hosted on our servers. I have personally contacted the developers of the component and we worked together to write special rules for our web application firewall that will filter out all malicious requests that try to take advantage of this exploit.

Even though we protected all of our customers, no matter which version of Kunena they use, we still advise all users to upgrade their Kunena component to the latest stable version 3.0.6 in which the issue is fixed.