CSRF Vulnerability in Events Booking Extension for Joomla by JoomlaDonation
CVE-2026-60025

Currently unrated

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2026-60025?

The Events Booking extension for Joomla, prior to version 5.8.0, contains a security flaw in its frontend file upload functionality due to insufficient CSRF protection. This vulnerability may allow an attacker to exploit the system by tricking users into uploading malicious files, potentially compromising sensitive data and security integrity of the Joomla site.

Affected Version(s)

Events Booking extension for Joomla 1.0-5.8.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phil Taylor
.