Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the Widget Factory Joomla Content Editor extension to its Known Exploited Vulnerabilities catalog, highlighting the need for vigilance in cybersecurity measures.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Widget Factory Joomla Content Editor extension to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2026-48907, allows attackers to create new editor profiles for unauthenticated users, resulting in PHP code upload and execution. CISA has warned that versions 1.0.0 through 2.9.99.4 are vulnerable, while a patched version 2.9.99.5 was released on June 3, 2026. Private organizations should review their infrastructure and address these vulnerabilities, as well as keep up-to-date with software updates and patches. The U.S. government is taking swift action against this vulnerability to protect critical infrastructure from cyber threats.
Cybersecurity agencies around the world are constantly on the lookout for vulnerabilities that can be exploited by malicious actors to gain unauthorized access to sensitive information or disrupt critical infrastructure. Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in the Widget Factory Joomla Content Editor (JCE) extension to its Known Exploited Vulnerabilities (KEV) catalog.
The JCE editor is a popular content editing tool used by many websites, particularly those built using the Joomla content management system. However, it has been found to contain a critical flaw that allows attackers to create new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. This vulnerability, tracked as CVE-2026-48907, has a CVSS score of 10.0, the maximum on the CVSS scale.
CISA warned that Widget Factory Joomla Content Editor versions 1.0.0 through 2.9.99.4 are vulnerable to this issue, while a patched version, 2.9.99.5, was released on June 3, 2026. The agency has also urged federal agencies to address this vulnerability by the end of this week, on June 19, 2026.
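The version range and due date above can be turned into a quick inventory check. The following Python is an added example, not code from CISA or the JCE project; the host names and the inventory list are constructed, and it assumes the installed JCE version strings have already been collected by other means.

```python
from datetime import date

# Values stated in the article for CVE-2026-48907.
FIRST_VULNERABLE = "1.0.0"
LAST_VULNERABLE = "2.9.99.4"
FIXED_VERSION = "2.9.99.5"
KEV_DUE_DATE = date(2026, 6, 19)  # remediation date given for federal agencies

def parse_version(text):
    """'2.9.99.4' -> (2, 9, 99, 4), zero-padded to four parts so 2.10 == 2.10.0.0."""
    parts = text.strip().lstrip("vV").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(p) for p in parts]
    return tuple(numbers + [0] * (4 - len(numbers)))

def classify(version_text):
    """Return 'vulnerable', 'patched', 'outside-range' or 'unknown'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # needs a manual look; never assume it is safe
    if parse_version(FIRST_VULNERABLE) <= version <= parse_version(LAST_VULNERABLE):
        return "vulnerable"
    if version >= parse_version(FIXED_VERSION):
        return "patched"
    return "outside-range"  # older than 1.0.0, not covered by the stated range

def triage(inventory, today):
    """Rows of (host, version, status, days_to_due), vulnerable hosts first."""
    rows = []
    for host, version_text in inventory:
        status = classify(version_text)
        days = (KEV_DUE_DATE - today).days if status == "vulnerable" else None
        rows.append((host, version_text, status, days))
    return sorted(rows, key=lambda row: row[2] != "vulnerable")

# Constructed inventory: hypothetical hosts and version strings, for illustration.
SAMPLE_INVENTORY = [
    ("web-01", "2.9.99.5"),
    ("web-02", "2.9.99.4"),
    ("web-03", "2.10.0"),  # a plain string compare would sort this below 2.9.99.4
    ("web-04", "2.9.82"),
    ("web-05", "2.9.99.4-custom"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY, date(2026, 6, 18)):
        print(*row, sep="\t")
```

Versions are compared as numeric tuples rather than strings, and anything that does not parse is reported as unknown instead of being treated as patched.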
Experts have emphasized that private organizations should review their infrastructure and address these vulnerabilities as well. CISA has also highlighted the importance of keeping up-to-date with software updates and patches to prevent such attacks.
The U.S. government is taking swift action against this vulnerability as part of its efforts to protect critical infrastructure from cyber threats. Binding Operational Directive (BOD) 22-01, "Reducing the Significant Risk of Known Exploited Vulnerabilities", emphasizes the need for federal agencies to address identified vulnerabilities by their due dates.
In addition to the CISA, other cybersecurity agencies and organizations should be on high alert regarding this vulnerability as well. Private organizations must ensure they have adequate security measures in place to prevent unauthorized access and malicious activities.
Furthermore, experts recommend that all individuals involved in IT and cybersecurity take note of this vulnerability and ensure their systems are up-to-date with the latest patches. Regular software updates and backups can significantly reduce the risk of data breaches and other cyber threats.
In conclusion, the recent addition of the Widget Factory Joomla Content Editor flaw to the U.S. CISA's KEV catalog highlights the importance of vigilance in cybersecurity. Organizations must prioritize security measures and keep up-to-date with the latest software patches to prevent such vulnerabilities from being exploited by malicious actors.
Related Information:
https://www.ethicalhackingnews.com/articles/US-CISA-Adds-Widget-Factory-Joomla-Content-Editor-Flaw-to-Known-Exploited-Vulnerabilities-Catalog-ehn.shtml
https://securityaffairs.com/193775/hacking/u-s-cisa-adds-widget-factory-joomla-content-editor-jce-flaw-to-its-known-exploited-vulnerabilities-catalog.html
https://nvd.nist.gov/vuln/detail/CVE-2026-48907
https://www.cvedetails.com/cve/CVE-2026-48907/
Published: Thu Jun 18 01:30:45 2026 by llama3.2 3B Q4_K_M