If you received an email from me pointing you to one of the pages below, it is because a public version manifest on your website indicates an out-of-date or vulnerable component. Each notice explains why it matters and how to fix it. These are good-faith, responsible-disclosure notices: I am not asking for money, passwords, or access to your site.

  • JCE Security Notice

    Joomla Content Editor | CVE-2026-48907 (CVSS 10.0)

    Guidance for operators running an out-of-date Joomla Content Editor (JCE) plugin, including how to check your version and upgrade safely.

  • End-of-Life Joomla Notice

    Joomla core | Unsupported release

    Guidance for operators running an end-of-life Joomla installation (3.x or earlier), including how to check your version and upgrade to a supported release.

  • SP Page Builder Security Notice

    com_sppagebuilder | CVE-2026-48908 (CVSS 10.0)

    Guidance for operators running a vulnerable version of the SP Page Builder extension, including how to check your version, upgrade, and check for compromise.