
iCagenda
A Joomla calendar and events extension.
Last refreshed: 14 July 2026 · Appears in 1 active topic
Why did a Joomla events-calendar plugin end up on a federal exploited-vulnerabilities list?
Timeline for iCagenda
Mentioned in: A quiet KEV fortnight, then a 2008 bug
Cybersecurity: Threats and DefencesWhat is the iCagenda Joomla extension?
When was the iCagenda vulnerability added to CISA's KEV catalogue?
Background
iCagenda is a calendar and event-management extension for the Joomla content-management system, used by site operators to publish and manage listings of upcoming events. Like other Joomla extensions, it plugs directly into the core CMS, so a flaw in its code can expose the whole site it runs on, not just the events section.
A KEV-listed vulnerability in iCagenda was added to CISA's Known Exploited Vulnerabilities catalogue on 10 July 2026, part of a run of four Joomla-ecosystem extensions affected in the same fortnight alongside JoomShaper SP Page Builder, Balbooa Forms and a Widget Factory package. The concentration of Joomla plugin flaws, rather than a single major vendor, was the defining feature of this KEV window.