Skip to main content
Blog

Security update JCE Editor

Joomla Content Editor (JCE) is a widely used editor in Joomla. An update for JCE edito was released on 18 October 2023: version 2.9.51. This update includes an important security update for all previous versions of JCE Editor Core and JCE Editor Pro.

It further improves support for Joomla 5, fixes an issue with the display of Media Fields, fixes several image processing issues when uploading, and fixes a number of other bugs and issues reported or discovered since the last update.

Security issue

A malicious user could directly access and execute certain PHP files in the JCE Editor plugins folders. For example, this would allow a user to access the foo.php file in the components/com_jce/editor/plugins/foo folder.

This vulnerability does not allow users to upload a file or place it in a specific location. The file must already be on the server, for example placed there by another security issue in another extension or by a site/server vulnerability.

This JCE 2.9.51 update fixes the issue of unauthorised access and improves validation of existing files so that compromised files are not loaded.

We have updated JCE editor to this latest version for all our customers with a support contract.

Joomla 5 support

Support in JCE for Joomla 5 has been improved, eliminating the need for the Backwards Compatible plugin in Joomla 5 for JCE editor. JCE Pro and JCE Core are now fully compatible with Joomla 3, Joomla 4 and Joomla 5!

Source: JCE Pro 2.9.51 released

Nijmegen Office

db8 Website Support
Galiciestraat 35
6663 NR Lent
The Netherlands

+31 85 301 48 28
support at db8 dot nl
+31 6 44 214 500 (urgent)

Opening hours

By appointment
Monday to Friday
09:00 - 17:00 (5pm)
(Time zone: Central European Time)

Acquisition is
not appreciated

© db8.nl. All rights reserved.