Back to search
CVE-2026-21627
Published: Feb 20, 2026
Modified: Feb 23, 2026
PUBLISHED
Description
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.
| Vendor | Product | Versions |
|---|---|---|
tassos.gr | Novarain/Tassos Framework (plg_system_nrframework) | affected 4.10.14–6.0.37 |
tassos.gr | Convert Forms | affected 3.2.12–5.1.0 |
tassos.gr | EngageBox | affected 6.0.0–7.1.0 |
tassos.gr | Google Structured Data | affected 5.1.7–6.1.0 |
tassos.gr | Advanced Custom Fields | affected 2.2.0–3.1.0 |
tassos.gr | Smile Pack | affected 1.0.0–2.1.0 |
Weaknesses (CWE)
References
https://tassos.gr
product
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now