How to fix the security vulnerability affecting 1 in every 10 Joomla sites

Yesterday we were informed of a very serious security vulnerability in eXtplorer — a popular file management utility for Joomla. 

After some research, we now know that on up to 1 in every 10 Joomla websites may be subject to this vulnerability. Thankfully, there are a two easy ways to fix the issue.

Standard Joomla sites

  1. Login to site and look for eXtplorer in the Components menu

  2. CRITICAL STEP - If you find it, Uninstall immediately

  3. If you still require this extension, install version 2.1.5 or later

  4. If removing and installing are not options for you, there are some alternate patches available also.

Watchful-enhanced Joomla sites

Sites that use Watchful can save a tonne of time identifying and fixing affected sites without having to individually log into any sites at all, using the custom uninstall tool we have created for our subscribers.

  1. Use the search tool in the Watchful Dashboard to identify any sites that have eXtplorer.

    extplorer site finder

  2. Only sites with eXtplorer installed are now listed, simply check the top Select All checkbox and then click the Install button in the toolbar.

  3. To remove eXtplorer from all your sites, paste the URL below into the field provided and then click Install All. This will remove eXtplorer from all your sites in one click.

  4. Now install the latest patched version (at time of this writing) of eXtplorer in the same way by using the URL below.

  5. To confirm installation, return to the Watchful Dashboard and validate the affected sites.

  6. For websites built on Joomla 1.5 or earlier, you can identify sites with eXtplorer, but fixing the site must be done manually as described above.

Three more easy security tips

Additional reading from your Watchful team that can make your Joomla Site safer


Sander Potjer
Thanks to the built in support for the ACL Manager Download Key, users of can update ACL Manager on all their sites with just a single click. Sander Potjer /