Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week. The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled.