Skip to content
You can now search across every topic, entity and event.What's new
Balbooa Forms
Product

Balbooa Forms

A Joomla web-forms extension; carried a KEV-listed vulnerability added to CISA's catalogue on 10 July 2026.

Last refreshed: 14 July 2026 · Appears in 1 active topic

Key Question

Why is a Joomla contact-forms plugin now on a federal patch-by-deadline list?

Timeline for Balbooa Forms

#1014 Jul

Mentioned in: A quiet KEV fortnight, then a 2008 bug

Cybersecurity: Threats and Defences
View full timeline →
Common Questions
What is the Balbooa Forms Joomla extension?
Balbooa Forms is a web-forms extension for the Joomla content-management system, used to build contact forms and other input forms on a website.
When was the Balbooa Forms vulnerability added to CISA's KEV catalogue?
CISA added a KEV-listed vulnerability in Balbooa Forms to its catalogue on 10 July 2026, one of four Joomla-ecosystem extensions affected that fortnight.Source: event

Background

Balbooa Forms is a web-forms extension for the Joomla content-management system, letting site operators build contact forms, surveys and other input forms without custom coding. Like other Joomla ADD-ons, it integrates directly with the core CMS, meaning a vulnerability in the extension can be used to compromise the wider site.

A KEV-listed vulnerability in Balbooa Forms was added to CISA's Known Exploited Vulnerabilities catalogue on 10 July 2026, one of four Joomla-ecosystem extensions affected in the same fortnight alongside JoomShaper SP Page Builder, iCagenda and a Widget Factory package. That cluster, rather than any single enterprise vendor, defined this KEV window, with only Adobe ColdFusion standing out as a widely deployed enterprise product among the additions.