VirtueMart Releases VM3.0.14 and Announces a New Collaboration with 2Checkout to Provide Seamless International Payments for Online Retailers

Posted in Latest News

We are excited to announce the release of two different versions. The 3.0.14 is the direct succesor and is without VirtueMart Frame VMF. The new 3.1.0 is with new VirtueMart Frame VMF. Both versions include the addition of several notable new features.

VirtueMart is pleased to announce a new partnership with global payments provider, 2Checkout. 2Checkout enables merchants from nearly anywhere in the world to accept payments easily. Its checkout experience is optimized for mobile and other devices, and it provides top-tier security and fraud prevention, as well as dedicated customer support.

Tens of thousands of merchants already trust 2Checkout to help them maximize online sales conversions by providing global payments with a localized buying experience. Now VirtueMart’s merchants can enjoy the same service in just minutes. Once merchants download the new VirtueMart 3 extension, they can select 2Checkout as their payment provider and follow a few easy steps to set up a fully-integrated solution. For more information, please visit

VirtueMart helps online businesses around the world sell every day. Together with 2Checkout, we can now make this process even easier. Merchants can securely adapt to local languages, currencies and payment methods with just one, simple integration.


2Checkout is a global payment provider that makes it easy to accept payments from anyone, anywhere. Trusted by tens of thousands of merchants in 211 markets around the world, 2Checkout offers easy signup and implementation, with top-notch customer support. Businesses and organizations can accept payments using 8 payment methods and in 26 currencies, and settle in 25 home currencies. 2Checkout offers both hosted checkout forms and APIs, and integrates with more than 100 shopping carts. For more information, please visit


Vm3.0.14 is a clean update for any older vm version. We fixed some bugs and added some new features paid by the membership system

  • Change order status of multiple selected orders in the order list using one simple click
  • Create links without Category Name and/or without product suffix
  • product parent id editing field in product edit, so products can be attached to patterns
  • Product multivariants can use a radiolist instead of dropdowns
  • PHP7 compatibilty

This is a very mature release. The maintrunk is already working with the new VMF system which should help to write a bridge for Wordpress. The vm3.1 version is for developers and eager early adopters. For the moment it is the goal, that the whole core works with the new abstraction layer, to concentrate and bundle the bridgeable code.

You should always take a backup of your database. The tableupdater has been strongly enhanced and should handle tables with broken or missing primary fields (fields with auto_increment) a lot better. Note that whilst this has been tested on numerous deployments of VM it is still relatively new.

Changes from vm3.0.12 - vm3.0.14:
- 2checkout added, fixed, and tested
- order filter keeps state
- printing of order within order edit
- added VmConfig::get( 'vm_num_ratings_show', 3 ) to getReviews function
- checkFixJoomlaBEMenuEntries enhanced and moved to core update script (was before in the AIO)
- small fixes for amazon
- fix for media json for the media handler and language
- added limitbox to top for product and category list for joomla3 compatibility
- unique ids for html field vmcategories dropdown
- fix for multiple useage of categoryListTree
- product parent id editing field in product edit, so products can be attached to patterns
- heidelpay update
- Paypal IPN in case payment type='cart' and payment_currency=order_currency
- Updated router, works now without product suffix
- Important code adjustment for avatax
- added ssl support for add to cart popup
- cache for language loading to prevent loading it twice.
- fixed mod_virtuemart_product, added divs for price js and added vmJsApi::writeJS() for cached modules content (cant be cached).
- php7 adjusted html.php,
- product filter in administrator view keeps entered values
- enhanced function getMyOrderDetails, also registered users can now visit a guest order, if they enter correct order pw
- fixed language loading of invoices
- enhanced table updater, better handling of auto_increment fields
- fixed small error in product listing shows media 0 if no media is attached.
- MultiVariant as radio selection
- new layout for category module
- cleaned css
- security and rights managment, (mainly already done for vm3.0.12)
- fixes for tos.php, to set it unrequired
- create Product Clone sets the clone unpublished and product_ordered, product_sales to 0
- Router has new option, to create links without CategoryName
- absolute urls for canonical
- alternative layotus for FE modules
- js validator also for shipment addresses
- Enhanced js validation of country/state combo
- max_cats_per_product
- added hidden config product.published, which determines if a new product is already published. (by default not published)
- browse page shows generic child variants
- Added perms for order editing to the model
- better and robust code for vmvalidator js
- Fix for vmuploader.php, when exif_imagetype is not supported
- added bulk set order status in order admin list
- captcha only for guests
- Added that the top category uses the set metadata
- added loading of product images for invoice
- orderDetails are now accessible in order_done.php
- enhanced tableupdater, also correcting missing Primary Keys

For the brave ones, a preview on vm3.1 (direktdownload):

Critical Security Leak in all Joomla Versions, please update immediatly

Posted in Latest News

The Joomla! team released today a new version with some security hardenings and fixing a critical security leak in all joomla versions.

The critical security leak was already used in the wild. This means it is not a leak, which was disovered by an audit, it is security issue which is already exploited. blogged about

Protect Your Site Now

If you are a Joomla user, check your logs right away. Look for requests from or as they were the first IP addresses to start the exploitation. I also recommend searching your logs for “JDatabaseDriverMysqli” or “O:” in the User Agent as it has been used in the exploits. If you find them, consider your Joomla site compromised and move to the remediation / incident response phase.

For securing your joomla 1.5/2.5 pages, just follow this link It is basically replacing one file.

We post this news, because some of our core members discovered this IPs in his logs. Not a VirtueMart page, but as far as we know it wouldnt make a difference.

Point of Sale for VirtueMart

Posted in Latest News

pos for webshops - connect your virtuemart with your brick&mortar store

We are proud to offer the direct link between online and offline sales with VirtueMart & POS for Webshops.

Now there is a complete Point of Sale (POS) available for VirtueMart. When you have a physical store and a VirtueMart webshop you can sell goods with your Point of Sale without giving your sales staff access to the VirtueMart backend. All products / orders / calculation rules / customers will be synchronized into the POS.

The sales staff can check the VirtueMart weborders from the POS and take the goods from the store with the OrderPicker. After an order is picked it will change the order status in Virtuemart automatically into a pre-defined status like “Ready for Shipment”. When new goods arrive from the supplier you can add those to the (VirtueMart) stock just by scanning the product barcode in the Stockmanager.

Some of the Key Features

  • Direct sync with VirtueMart
  • Easy interface
  • Different logins
  • Use VM calculation rules and Shopper Groups
  • Add customer to an order
  • Use barcodes to add products to an order.
  • Customize the sync options with the Payment methods in the POS.
  • You can print receipts as well as invoices.
  • Orderpicker and Stockmanger included.
  • And much more…

Security Release VirtueMart 3.0.12, plus new goal, new docs

Posted in Latest News

More Security

The company found a new issue, a possible XSS. It misuses the array keys in the URL. Most servers prevent such an URL by default, but nevertheless we've added another protection. We also found and fixed some smaller bugs and glitches in advanced functions and last but not least we added missing backward compatibility for some cases. This release follows 3 release candidates with more than 2000 downloads altogether.

New Goal

Sticking to the Joomla API has emerged as an unlucky decision for us. The future plan is to write more for our own framework VMF, which will give us the freedom to also use other systems than Joomla. The idea is to write a small framework, so that extensions written for VirtueMart should also work on different platforms than Joomla. In other words, instead of developing a standalone VirtueMart, we will try to write an easily bridgeable VirtueMart. We already saw a VirtueMart running on Drupal, so it can't be too hard. But first we want to look into Wordpress. Of course we will need test users and suggestions from developers who are familiar with Wordpress and VirtueMart. So please join our forum if you have some experience with these. We also think about using the Joomla platform by the team of Johan Janssens for our next full installer.

New Docs

Due to our membership system we did find some time to update our manual. We added a lot of pages, which explain general VirtueMart concepts at - It's worthwhile to read them. Even VirtueMart veterans already found some new tricks in it!

Some New Features/Fixes:

  • different thumbnail sizes are possible now (actually a fix, but no one knew it anyway, for templates please read here
  • cart should keep address data of the user, if an error happens like "email already taken"
  • use captcha only for guests
  • Added "None" option for some order status lists.
  • media handling per vendor
  • vmUploader checks uploaded files by MIME and may cancell the upload, controlled by ACL
  • vRequest is now also filtering the array keys (recursive)
  • enhanced synchronise Media (no 10k limit anylonger)
  • moved creation of virtuemart_userinfos and virtuemart_order_userinfos to install_essential_data.sql to prevent that changed fields are reverted updating vm
  • added hidden config updEngine to prevent changing of the table engine
  • added main controller missing for joomla3 to the AIO

The full bug fix list is available here this time:

We also updated VirtueMart 2.6. The new version got the security fixes, enhanced payment plugins and uses now mainly the vm3 table layout. It increases noticeable the performance


Please read here

Release of 3.0.10

Posted in Latest News

Release of 3.0.10

The last stable version vm3.0.8 was 5 months ago. Development has continued during this time, we just spent additional time testing and checking to deliver a more stable version.

We added the ajax script to the cart, so that the new cart is almost like an OPC, you will still add/edit addresses in a separate page. It is backward compatible as long any 3rd party developer/templater uses our javascript handler

The ACL (Access Control List) has been extensively extended and modified. It now supports seperate settings for frontend and backend management.

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.