"If you have Gmail authentication enabled, someone would be able to bypass your authentication by registering a Gmail address with the same name," Cid explained. "Say you have a user name called 'mysiteadmin,' I could go to Gmail and register firstname.lastname@example.org and get access to your site."
It's not clear how many Joomla-based websites are on the Internet, but according to statistics from W3Techs, a service that gathers data about the use of various Web technologies, Joomla is the second most popular CMS after WordPress. The W3Techs data also shows that only around 8 percent of Joomla sites use 3.x versions of the software, while over 50 percent still use 1.x versions that are no longer supported.
Even though it has a smaller user base than WordPress, Joomla has been heavily targeted by attackers lately and is in fact the most frequently attacked platform, according to data from Sucuri's website firewall product, Cid said. The large number of Joomla sites using versions 1.x of the CMS are at serious risk, because they can't be easily patched and upgrading them to a new version is not straightforward, he said.