5 March 2026.
mySites.guru report that the Astroid Framework for Joomla has a critical authentication bypass vulnerability that attackers are actively exploiting.
It is reportedly being used to "install backdoor plugins and inject hidden SEO spam links into affected sites".
All versions of Astroid Framework for Joomla before v3.3.11 are affected.
What should you do?
Check your website to make sure it is not using the Astroid Framework.
If it is then it was most likely installed by a web designer who created a Template for your website using the Astroid Framework.
Follow the guidance at the link below.
If your website has been hacked then mySites.guru offer a value for money rescue package (recommended).
mySite.guru Blog: Astroid Framework for Joomla Security Alert
Make Joomla! CMS Security your #1 Priority
We help and support managers responsible for Joomla! CMS websites in UK business and third sector organisations across Cheshire, Greater Manchester, Merseyside and North West England.
Your personal data is nobody's business.