Wiredtree, a managed web hosting company based in Chicago, Illinois, recently warned all Joomla! users of a remote code execution vulnerability. This vulnerability can be fixed with an upgrade or a patch, which should be installed immediately. The warning was also publicized in Ars Technica recently and has been exploited often by hackers.
Joomla! may not be the leading CMS, but they do have many large-scale users. All users not upgrading or installing the patch are at risk of an attack.