CVE-2026-60024

CVE-2026-60024: Joomla Extension - joomdonation.com - Insecure default configuration Events Booking < 5.8.0

Vendor Joomdonation.com
Product Events Booking extension for Joomla
Weakness CWE-1188
Published July 17, 2026
Last update July 17, 2026

CVSS base score

What the vulnerability does

01Description

The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets.

Key dates

02Disclosure timeline

July 17, 2026 CVE published