Tag: widget factory

1 article

Blurred laptop screen showing Joomla Content Editor interface in a tech office setting.

CISA Warns of Actively Exploited Joomla Flaw Enabling PHP Code Execution

A critical Joomla flaw, tracked as CVE-2026-48907, is being actively exploited, allowing attackers to upload and execute PHP code - and the US Cybersecurity and Infrastructure Security Agency (CISA) is warning users to take immediate action. A patch is available in version 2.9.99.5 of the Widget Factory Joomla Content Editor.

Analyst 207Jun 17, 2026