← All CVEs
CVE-2026-48907TrackedCISA KEV
Widget Factory · Joomla Content Editor
Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
Disclosed
2026-06-05
34 days ago
Status
no honeypot capture yet
on CISA KEV — watching
7-day events
0
across 0 distinct IPs
7-day spread
0 ASN · 0 cty
0 active days
Top ASNs
No events captured yet.
Top countries
No events captured yet.
References
- https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites
- https://www.joomlacontenteditor.net/support/changelog/editor
- https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk
- https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk
- https://nvd.nist.gov/vuln/detail/CVE-2026-48907