CVE-2026-60025
CVE-2026-60025
The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection.
Vulnerability class: CSRF (Cross-Site Request Forgery)
Weakness classification (CWE)
References
- security@joomla.org (product)