Joomla EasyDiscuss Access Control Vulnerability in Forum Post Custom Fields

Vulnerability

A vulnerability exists in Joomla's EasyDiscuss component, specifically in the forum post custom fields feature. The issue arises because access control settings are not properly enforced in the JSON output type, creating a vector for ACL violations and potential information disclosure.

Impact

Exploitation of this vulnerability could lead to unauthorized access to information that should be restricted based on user permissions.

Added: Feb 6, 2026, 8:25 AM

Updated: Feb 6, 2026, 3:45 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

7.6

remediation

0.0

relevance

2.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

7.6

remediation

0.0

relevance

2.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Joomla EasyDiscuss Access Control Vulnerability in Forum Post Custom Fields

Vulnerability

Impact

Affected Products

StackIdeas EasyDiscuss

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating