CVE-2026-48907 — Widget Factory Joomla Content Editor Improper Access Control Vulnerability

Description

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

How to fix CVE-2026-48907

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2026-48907 being exploited?

Yes — CVE-2026-48907 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.