Exposures › CVE-2026-48907
Widget Factory Joomla Content Editor allows unauthenticated users to create editor profiles and execute arbitrary PHP code via improper access control.
This vulnerability enables remote code execution through unauthenticated user profile creation, posing a severe risk to DIB organizations relying on Joomla-based systems. The active exploitation status and lack of patching timeline indicate a critical compliance gap under NIST 800-171 and FedRAMP requirements. Organizations must immediately audit all Joomla deployments and apply vendor patches to prevent unauthorized code execution.
Shame score — Active exploitation of a critical RCE vulnerability in a widely-used CMS component demonstrates severe security negligence and exposes DIB organizations to significant data breach and compliance liability.
Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
No correlated FedRAMP products.