Getk2.com K2 Extension For Joomla

7 CVEs affecting Getk2.com K2 Extension For Joomla. Latest disclosed: 2026-06-25. Critical: 0, High: 0.

Top CVEs affecting Getk2.com K2 Extension For Joomla
CVE | Severity | Score | Published | Summary
CVE-2026-48944 | Medium | 6.5 | 2026-06-25 | The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JP…
CVE-2026-48943 | Medium | 6.5 | 2026-06-25 | K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a st…
CVE-2026-48941 | Medium | 6.5 | 2026-06-25 | The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under…
CVE-2026-48946 | Medium | 6.3 | 2026-06-25 | The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under…
CVE-2026-48942 | Medium | 6.1 | 2026-06-25 | K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.
CVE-2026-48945 | Medium | 5.3 | 2026-06-25 | The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/web…
CVE-2026-48940 | Low | 3.4 | 2026-06-25 | A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 store…
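Two of the entries above (CVE-2026-48944, where `attachment[N][existing]` is concatenated with `JPATH_SITE/` before `JFile::copy()`, and CVE-2026-48941, where `sigProFolder` is used directly to address a `JFolder::delete()`) share one root cause: a request-controlled string becomes part of a filesystem path without a check that the result stays inside the directory the code intended. The example below is added here to show that check; it is not K2's or Joomla's code, and it is written in Python rather than PHP so it can be run and asserted on directly. The base directory `/var/www/html` stands in for `JPATH_SITE`, and the `single_component` policy (letters, digits, underscore, hyphen only) is an assumed rule for parameters that are supposed to name one folder, as `sigProFolder` is.

```python
import posixpath
import re

# Assumed policy for parameters that must name exactly one directory
# (no separators, no "." or "..", no NUL).
COMPONENT = re.compile(r"^[A-Za-z0-9_-]+$")


class UnsafePathError(ValueError):
    """Raised when a user-supplied path would leave the permitted directory."""


def resolve_under(base: str, user_path: str) -> str:
    """Join user_path onto base and return the normalised result.

    Raises UnsafePathError if the result is not strictly inside base.
    This is a lexical check (posixpath only), so it is deterministic and
    testable offline; on a live system, realpath() both sides as well so a
    symlink planted inside base cannot point outside it.
    """
    if not posixpath.isabs(base):
        raise ValueError("base must be an absolute path")
    if "\x00" in user_path:
        raise UnsafePathError("NUL byte in path")
    base = posixpath.normpath(base)
    # posixpath.join discards base when user_path is absolute; the
    # commonpath test below then rejects the result.
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    if candidate == base:
        raise UnsafePathError("path resolves to the base directory itself")
    # commonpath rather than startswith: "/srv/media2" starts with
    # "/srv/media" but is not inside it.
    if posixpath.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"{user_path!r} escapes {base}")
    return candidate


def is_safe(base: str, user_path: str) -> bool:
    """Boolean wrapper around resolve_under for callers that only need a verdict."""
    try:
        resolve_under(base, user_path)
    except UnsafePathError:
        return False
    return True


def single_component(name: str) -> str:
    """Accept a bare directory name and return it; reject anything else."""
    if not COMPONENT.fullmatch(name):
        raise UnsafePathError(f"{name!r} is not a plain directory name")
    return name


def is_component(name: str) -> bool:
    try:
        single_component(name)
    except UnsafePathError:
        return False
    return True


if __name__ == "__main__":
    site = "/var/www/html"  # stand-in for JPATH_SITE
    for p in ["media/k2/attachments/report.pdf", "../../etc/passwd",
              "/etc/passwd", "media/../../configuration.php", ""]:
        print(f"{p!r:40} inside {site}: {is_safe(site, p)}")
    for d in ["gallery_42", "../", "a/b", "."]:
        print(f"{d!r:40} plain folder name: {is_component(d)}")
```

The `candidate == base` rejection matters most for the delete case: an empty or `.` value must not make a cleanup routine remove the whole parent directory. The `commonpath` comparison is what defeats the usual `startswith` bypass where a sibling directory shares the base's name as a prefix.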
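CVE-2026-48946 (a `.php` file accepted by the attachment upload path) and CVE-2026-48945 (an archive extracted under `/media/k2/galleries/<id>/` with only image-named members renamed) are both failures to decide, before anything touches disk, which names and which contents are acceptable. The following is an added example of that decision, not code from K2 or Joomla, again in Python so it runs offline. It checks a name allow-list, rejects path separators and leading dots (so archive members such as `../x.png` or `sub/x.png` never reach the extraction directory), rejects `php`/`phtml` anywhere in a multi-extension name as defence in depth (the page notes mod_php matching `\.php$`; `AddHandler`-style Apache configurations can also run `x.php.png`), and requires the file's leading bytes to match the claimed image type. The 10 MiB per-member cap and the sample archive are constructed for the example.

```python
import io
import re
import zipfile

ALLOWED_EXT = {"gif", "jpg", "jpeg", "png", "webp"}
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap; refuses oversized/zip-bomb members
# No leading dot and no path separators at all: one bare file name only.
NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")
# Leading bytes each accepted type must start with.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def content_matches(ext: str, data: bytes) -> bool:
    """True if data begins with the signature expected for ext."""
    if ext == "webp":  # RIFF container: "RIFF" <size> "WEBP"
        return data[:4] == b"RIFF" and data[8:12] == b"WEBP"
    return any(data.startswith(sig) for sig in MAGIC[ext])


def check_upload(name: str, data: bytes):
    """Return None when (name, data) is an acceptable image, else a reason string."""
    if not NAME.fullmatch(name):
        return "unsafe file name"
    parts = name.lower().split(".")
    if len(parts) < 2:
        return "no extension"
    ext = parts[-1]
    if ext not in ALLOWED_EXT:
        return "extension not allowed"
    # Defence in depth against multi-extension handling ("x.php.png").
    if any(p.startswith("php") or p == "phtml" for p in parts[1:-1]):
        return "executable extension inside name"
    if not content_matches(ext, data):
        return "content does not match extension"
    return None


def vet_archive(zip_bytes: bytes):
    """Split an uploaded zip into members safe to write out and members to refuse.

    Returns (accepted, rejected): accepted maps name -> bytes, rejected maps
    name -> reason. Nothing is written to disk here; the caller writes only
    the accepted members, each under its bare name.
    """
    accepted, rejected = {}, {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                rejected[name] = "directory entry"
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                rejected[name] = "member too large"
                continue
            data = zf.read(info)
            reason = check_upload(name, data)
            if reason is None:
                accepted[name] = data
            else:
                rejected[name] = reason
    return accepted, rejected


def build_sample_zip() -> bytes:
    """Constructed test archive mixing one real image with typical hostile members."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.png", png)
        zf.writestr("shell.php", b"<?php system($_GET['c']); ?>")
        zf.writestr("fake.jpg", b"<?php phpinfo(); ?>")   # PHP body, image name
        zf.writestr("double.php.png", png)
        zf.writestr("../traverse.png", png)                # zip-slip member
        zf.writestr("sub/inner.png", png)
    return buf.getvalue()


if __name__ == "__main__":
    accepted, rejected = vet_archive(build_sample_zip())
    print("accepted:", sorted(accepted))
    for name, reason in rejected.items():
        print(f"rejected {name!r}: {reason}")
```

The order of the checks is deliberate: the name is validated before the member is read, the extension before the signature, so a member can never be written and then "renamed" afterwards, which is the pattern the gallery entry above describes.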