CISA Orders Feds to Patch Max Severity Joomla Plugin Flaw by Friday

CISA orders feds to patch max severity Joomla plugin flaw by Friday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. [...]

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitrary

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog ggaylor Jun 16, 2026 Release DateJune 16, 2026 DescriptionCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.CVE-2026-48907 Widget Factory Joomla Content Editor Improper Access Control VulnerabilityThis type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to …