CVE-2026-60025

CVE-2026-60025

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection.

Vulnerability class: CSRF (Cross-Site Request Forgery)

Weakness classification (CWE)

References