Submit a Report

We accept reports of security vulnerabilities for Joomla! extensions. If you believe you have found a security vulnerability in an extension, please complete the following form. As our vulnerability policy explains, we may send or attempt to contact the developer of the extension.

Reports for the core should be made via https://developer.joomla.org/security.html, any reports made here will be forwarded to them for action.

Note that we do not coordinate or publish every report we receive. We request that you please make a reasonable attempt to contact the affected developer. If the vulnerability you are reporting is already public, please provide the CERT or other vulnerability database number and indicate which vulnerability database the public report is from.

For additional information about the fields in this form, refer to the instructions. If you have any problems, please contact us.

Please provide as much information as you can. Incomplete or incorrect information may delay out investigation. When you are finished, submit your report using the button at the end of the form.

Information with a (*) is required.

Data collected under Joomla Privacy and cookie policy as shown

Full Name(*)

Please enter your name.

E-mail(*)

Invalid email address.

Organization

Pass your details to the Developer(*)

Please select yes or no

Vulnerability Type(*)

Invalid Input

Affected 3rd party extension name,(*)

Invalid Input

Affected 3rd party extension version.

Invalid Characters Input

Affected 3rd party template name

Invalid Input

Affected 3rd party template version

Invalid Input

Exploit Type(*)

Invalid Input

Enter description for other Exploit Type

Invalid Input

Vulnerability Description

Please describe the vulnerability. Be as specific in detail as you can.

This description is required

(*)

Invalid Input

How did you find the vulnerability? Please note any specific tools or techniques used.(*)

Invalid Input

Is the vulnerability being activly exploited?(*)

YesNoUnknown

Invalid Input

Is the exploit publicly available?(*)

YesNoUnknown

Invalid Input

Enter the URL of website where exploit is publicly available

Invalid URL was Input

Impact of Exploiting this Vulnerability

Describe the specific impact of the exploit and how it would be used in an attack scenario(*)

Invalid Input

Developer Communication

Before submitting this report, please make a reasonable attempt to contact the affected developer via the developers website. If you choose not to try to contact the developer, we may lower the priority of your report.

Which of the following best describes your communication with the developer?

I have not contacted the developer.I have attempted to contact the developer but have not received a response.I have already contacted the developer and received a response.I represent the developer of the vulnerable product.The developer has already acknowledged the vulnerability publicly and has issued an update or patch. Invalid Input

Please enter the URL to the update or patch.

Invalid URL was Input

Who is the developer of the product that contains the vulnerability? If you have already contacted the developer regarding this problem, please share the developers contact information and any CERT or other vulnerability database tracking numbers with us. Indicate which vulnerability tracking database the number relates to.

Developer Name

Invalid Input

Developer Contact E-Mail

Invalid Input

JED URL

Invalid Input

Tracking Database name if any

Invalid Input

Database Tracking ID number if any

Invalid Input

Additional Developer Information

Provide any additional information about the developer, and any communications with the them.

Invalid Input

Location of File

Download URL

Invalid Input

Consent to process this notification.(*)

Invalid Input

Thank you for taking the time to complete our vulnerability reporting form. Click the button below to submit your report.

Upon submission, if the form does not redirect to the thank you page, then please check form for any missing required fields or invalid entries. Any form errors will be highlighted. Correct any errors and press submit again to submit corrected form.

(*)

Please complete captcha

Joomla! Extensions Directory™

VEL Reporting Form

Vulnerability Description

Impact of Exploiting this Vulnerability

Developer Communication

Additional Developer Information

Location of File