HIGHVulnerability
Verified
Global

CISA KEV: Widget Factory Joomla Content Editor — Widget Factory Joomla Content Editor Improper Access Control Vulnerability

·Source: CISA KEV

Updated:

Executive Summary

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

Analysis

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. Added to CISA Known Exploited Vulnerabilities catalog on 2026-06-16. Remediation due: 2026-06-19.

Indicators of Compromise (1)

CVE (1)
CVE-2026-48907
Source Attribution

Originally published by CISA KEV on Jun 16, 2026. Verified by: CISA.

Related Threats