Severe Joomla security vulnerability discovered — immediate update required
On 16 October 2015, the Joomla project announced that three security vulnerabilities had been identified in Joomla 3.
Together, the vulnerabilities affect all versions of Joomla between v3.0 and v3.4.4 inclusively.
On 22 October 2015, the Joomla project released Joomla 3.4.5 which patches these issues.
Just 90 minutes after this release, third-party websites began publishing full details on how to exploit the vulnerability. This created a very dangerous situation for Joomla users.
As of this writing, our records indicate that one in every three sites remain dangerously insecure.
Thus, if you are running any version of Joomla 3, we strongly suggest that you backup your site and then immediately update to Joomla 3.4.5.
How to maximize Joomla security
For Watchful users, simply visit your Dashboard to backup and then update your sites to patch the Joomla security vulnerability.
If you are not Watchful user, you can use the built-in Joomla updater.
Or if you prefer, download the full Joomla 3.4.5 package (or the relevant update package) using the links provided in the official announcement on Joomla.org and apply them directly in the backend Joomla installer.