Joomla! 3.9.4 Security Release announced
UPDATE ASAP
Joomla! 3.9.4 is a Security Release which addresses FOUR security vulnerabilities.
One of these vulnerabilities is labelled as being of HIGH Priority.
This release also includes several improvements.
More details at the following link.
Read more: Joomla! 3.9.4 Release News.
Addressed Vulnerabilities
High Priority
Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3)
Low Priority
Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3)
Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3)
Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3)
Back up before updating is highly recommended
Protect your assets.
Perform a FULL backup of your website (database and files) BEFORE updating the Joomla! CMS and/or its extensions.
Read more: How to back up your website.
Read more: How to update your Joomla! CMS & its extensions.