Outdated Versions of Joomla 2.5.x and 3.x Widely Used

Last month we spotlighted at the fact that 31 percent of Joomla websites checked with our Joomla Version Check tool during January were still running Joomla 1.5, for which supported ended September 2012. This month we decided to take a look at if websites that were running a supported Joomla series, either 2.5.x or 3.x, were being kept up to date based on last month’s data from the tool. Unlike websites still running Joomla 1.5 that need a more complicated migration to be brought up to a supported version, the upgrade process for websites running 2.5.x or 3.x is relatively simple. Keeping software running on a website up to date is a basic security measure, so if websites are not being kept up to date when it is relatively easy it shows that website security is in bad shape.

Joomla 2.5.18 was released during the month so Joomla 2.5.x websites would have been up to date if they running 2.5.17 or 2.5.18. Unfortunately 58 percent of the Joomla 2.5 websites were detected as running older versions (for some installations the tool only could tell they were using Joomla 2.5 and those listed as 2.5.x in the chart).

Joomla Version: 2.5.x: 12.30%, 2.5.0: 0.53%, 2.5.1: 1.60%, 2.5.2: 0.53%, 2.5.3: 0.53%, 2.5.4: 4.28%, 2.5.6: 6.95%, 2.5.7: 3.74%, 2.5.8: 5.88%, 2.5.9: 10.16%, 2.5.11: 9.09%, 2.5.13: 1.07%, 2.5.14: 9.63%, 2.5.15: 0.53%, 2.5.16: 3.74%, 2.5.17: 15.51%, 2.5.18: 13.90%

54 percent of the Joomla 2.5 websites checked contain known security vulnerabilities, as they are running versions below 2.5.15, the most recent release with security fixes.

For Joomla 3.x the results are slightly better as only 48 percent were detected running versions prior 3.2.1 or 3.2.2 (3.2.2 was release during the month alongside 2.5.18).

Joomla Version 3.x: 6.35%, 3.0.2: 3.17%, 3.0.3: 6.35%, 3.0.4: 1.59%, 3.1.1: 14.29%, 3.1.4: 1.59%, 3.1.5: 14.29, 3.2.0: 6.35%, 3.2.1: 26.98%, 3.2.2: 19.05%

41 percent of the Joomla 3.x websites checked contain known security vulnerabilities, as they are running versions below 3.1.6, the most recent release with security fixes.

Outdated WordPress and MediaWiki Versions Heavily Used Too

The results for the WordPress and MediaWiki websites checked during February using our tools for those pieces software were also not good.


For WordPress, 60 percent of the websites checked were running a version below the current series, 3.8.

WordPress Version: 2.5: 0.93%, 2.9: 0.46%, 3.0: 0.93%, 3.1: 1.39%, 3.2: 2.78%, 3.3: 6.02%, 3.4: 6.02%, 3.5: 15.28%, 3.6: 10.65%, 3.7: 15.74%, 3.8: 39.81%


For MediaWiki, 47 percent of the websites checked were running a series no longer supported. The currently supported versions are 1.19.x, 1.21.x, and 1.22.x.

MediaWiki Version: 1.14: 3.77%, 1.15: 7.55%, 1.16: 9.43%, 1.17: 9.43%, 1.18: 7.55%, 1.19: 18.87%, 1.20: 9.43%, 1.21: 15.09%, 1.22: 16.98%, 1.23: 1.89%