Please check with the extension publisher in case of any questions over the security of their product.
How to use this site
All known vulnerable extensions are listed in the LIVE VEL section. In these cases no patch is available and you are recommended to uninstall the extension from your site. The resolved VEL section lists extensions for which a patch is available, you are recommended to update if your site uses any of these extensions.
This list is compiled from found information and may not be an up to date accurate list
- We do NOT promise to test or validate these reports.
- We do NOT guarantee the quality or effectiveness of any updates reported to us or listed here.
- We do not list BETA products, or extensions for J1.0.x J1,5,x. or 2.5.x
How to report a suspected Vulnerable Extension.
Select the Vulnerability Reporting Link.
Developers - How to get yourself RESOLVED on the VEL
Please solve the issues and:
To have your extension marked as resolved, please follow these steps:
Contact the VEL team* with a notice of resolution, the latest version number and a link to the security release statement on your website. (Please read this article for further information on making a security release notice). Create a JED listing owner ticket to the JED with a notice and ask that your listing be republished. Include the full details of your new version number and security notice page
- If not JED listed.
Inform us with a notice of resolution, the latest version number and a link to the security release statement on your website.
* a developer must use the update form for notice of resolution