Author Topic: Joomla and VirtueMart security  (Read 10238 times)


  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 25705
  • Always on vacation
    • Jenkin Hill Internet
Joomla and VirtueMart security
« on: September 11, 2013, 17:48:15 pm »
I find it incredible that people set up a Joomla site and once running they seem to assume that it will continue to run safely for ever more! Every day in this forum we see people using Joomla and VirtueMart versions with known critical security issues, just waiting for a hacker to come along. That is the last thing you want on a working eCommerce website. You could lose your reputation, as well as lose sales and possibly be fined for breaches of data security.

No Joomla 3.x version before 3.6.5 is secure.
Reported 15 December 2016 NO Joomla 2.5.x is believed to be secure, - a patch for this latest vulnerability and the Dec 2015 vulnerability has been released by the VirtueMart team:

All previous versions have bugs & security issues some of which are critical, and many sites with earlier versions have been hacked. See for latest security issues.

All VirtueMart 2 versions before 2.6.22 are insecure
All  VirtueMart 3 versions before 3.0.12 are insecure.

Note: VM2.9.x versions were pre-release test versions that should never be used on a live site.

Check for latest VM release versions on

Always test updates on a backup copy of your site. Commercial template users may need to update/edit their template overrides if they were originally for a much older version of VirtueMart.

It is easy to keep up with the security status of Joomla - just subscribe to

For security and new reports of VirtueMart subscribe to  or regulary visit where you can also sign up to have the VM news items emailed to you when released.

For vulnerabilities in Joomla extensions subscribe to this feed: 

It is always a good idea to update to the latest current version when a security warning is issued. BUT always test updates on a backup copy of you site, never the live version.

Not using a secure version can lead to a failure to pass a PCI scan.


Jenkin Hill Internet,
Keswick, Lake District

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VM3.2.1 on Joomla 3.6.5 PHP 7.0.12

Testing VM3.2.2 on J!3.6.5 and J!3.7