Yesterday, my day ended delivering a webinar on Joomla security, only to start today with a new critical vulnerability found in a popular Joomla! extension – eXtplorer File Manager. This vulnerability is a classic example of two of the most popular ways to exploit an application: vulnerable plugin and weak login details. Of course as soon as the issue got discovered we started working on protecting our Joomla customers on a server level. Below I will explain the vulnerability, what we did to fix it on our servers, and what you should do if you are not hosted by SiteGround.