Hackers have been exploiting critical vulnerabilities in the Balbooa Forms and iCagenda Joomla extensions for code execution.