CVE-2026-48907 — Actively Exploited: Joomla Content Editor (Widget Factory)
Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
| CVE ID | CVE-2026-48907 |
|---|---|
| Vendor | Widget Factory |
| Product | Joomla Content Editor |
| Vulnerability name | Widget Factory Joomla Content Editor Improper Access Control Vulnerability |
| Date added | 2026-06-16 |
| Remediation due | 2026-06-19 |
| Known ransomware use | Unknown |
| Required action | Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discon |
| Description | Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →