The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security vulnerability affecting the Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. This vulnerability, identified as CVE-2026-48907 with a maximum CVSS score of 10.0, stems from improper access controls within the JCE extension, potentially allowing unauthorized users to upload and execute arbitrary PHP code.
The flaw specifically enables attackers to create new editor profiles without authentication, facilitating the upload and execution of malicious PHP scripts. This issue affects JCE versions from 1.0.0 through 2.9.99.4. The developers addressed the vulnerability in version 2.9.99.5, released on June 3, 2026, noting that insufficient access controls previously permitted unauthenticated users to upload editor profiles.
While the exact methods of exploitation remain undisclosed, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary patches by June 19, 2026, to mitigate potential threats.
Recent Attacks on WordPress Platforms
In related developments, cybersecurity firm Sansec has reported a supply chain attack targeting over one million WordPress sites utilizing plugins such as OptinMonster, TrustPulse, and PushEngage. Attackers injected malicious JavaScript into these plugins, which, upon detecting a logged-in administrator, created a backdoor admin account and installed a concealed backdoor plugin.
Additionally, another campaign involved embedding a counterfeit WordPress plugin named “Beloved PBN Entegrasyonu” into compromised sites. This plugin covertly sent the site’s URL to an external API with each page load and injected arbitrary HTML or JavaScript into the webpage’s footer. The attackers managed to establish PHP web shells within the site’s database, granting them unrestricted access to the server’s file system without authentication.
These incidents underscore the persistent threats facing content management systems like Joomla and WordPress. Website administrators are urged to promptly update their plugins and extensions, implement robust access controls, and monitor for unauthorized changes to maintain the security and integrity of their platforms.
The active exploitation of the Joomla JCE vulnerability highlights the critical importance of timely software updates and vigilant security practices. As attackers continue to target widely-used content management systems, staying informed about emerging threats and applying patches promptly is essential to safeguard digital assets and maintain user trust.
