Joomla Tassos Framework plugin allows unauthorized access to internal functionality

CVE-2026-21627
Summary

The Tassos Framework plugin for Joomla has an access control flaw that could let attackers invoke internal framework functionality without authorization, through AJAX requests sent to Joomla's com_ajax entry point. To fix this, update the Tassos Framework plugin to the latest version.

Original description
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.
NVD CVSS 4.0 score: 9.5
Vulnerability type
CWE-284 Improper Access Control
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026