CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.047

EPSS Ranking 90.6%

CVSS Severity

CVSS v3 Score 9.8

Proposed Action

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

Ransomware Campaign

Unknown

References

Products affected by CVE-2026-48907

Widgetfactorylimited » Jce » Version: 2.5.0

cpe:2.3:a:widgetfactorylimited:jce:2.5.0
Widgetfactorylimited » Jce » Version: 2.5.1

cpe:2.3:a:widgetfactorylimited:jce:2.5.1
Widgetfactorylimited » Jce » Version: 2.5.2

cpe:2.3:a:widgetfactorylimited:jce:2.5.2
Widgetfactorylimited » Jce » Version: 2.5.3

cpe:2.3:a:widgetfactorylimited:jce:2.5.3
Widgetfactorylimited » Jce » Version: 2.6.0

cpe:2.3:a:widgetfactorylimited:jce:2.6.0
Widgetfactorylimited » Jce » Version: 2.6.1

cpe:2.3:a:widgetfactorylimited:jce:2.6.1
Widgetfactorylimited » Jce » Version: 2.6.10

cpe:2.3:a:widgetfactorylimited:jce:2.6.10
Widgetfactorylimited » Jce » Version: 2.6.11

cpe:2.3:a:widgetfactorylimited:jce:2.6.11
Widgetfactorylimited » Jce » Version: 2.6.12

cpe:2.3:a:widgetfactorylimited:jce:2.6.12
Widgetfactorylimited » Jce » Version: 2.6.14

cpe:2.3:a:widgetfactorylimited:jce:2.6.14
Widgetfactorylimited » Jce » Version: 2.6.15

cpe:2.3:a:widgetfactorylimited:jce:2.6.15
Widgetfactorylimited » Jce » Version: 2.6.16

cpe:2.3:a:widgetfactorylimited:jce:2.6.16
Widgetfactorylimited » Jce » Version: 2.6.17

cpe:2.3:a:widgetfactorylimited:jce:2.6.17
Widgetfactorylimited » Jce » Version: 2.6.18

cpe:2.3:a:widgetfactorylimited:jce:2.6.18
Widgetfactorylimited » Jce » Version: 2.6.19

cpe:2.3:a:widgetfactorylimited:jce:2.6.19
Widgetfactorylimited » Jce » Version: 2.6.2

cpe:2.3:a:widgetfactorylimited:jce:2.6.2
Widgetfactorylimited » Jce » Version: 2.6.20

cpe:2.3:a:widgetfactorylimited:jce:2.6.20
Widgetfactorylimited » Jce » Version: 2.6.21

cpe:2.3:a:widgetfactorylimited:jce:2.6.21
Widgetfactorylimited » Jce » Version: 2.6.22

cpe:2.3:a:widgetfactorylimited:jce:2.6.22
Widgetfactorylimited » Jce » Version: 2.6.23

cpe:2.3:a:widgetfactorylimited:jce:2.6.23
Widgetfactorylimited » Jce » Version: 2.6.24

cpe:2.3:a:widgetfactorylimited:jce:2.6.24
Widgetfactorylimited » Jce » Version: 2.6.25

cpe:2.3:a:widgetfactorylimited:jce:2.6.25
Widgetfactorylimited » Jce » Version: 2.6.26

cpe:2.3:a:widgetfactorylimited:jce:2.6.26
Widgetfactorylimited » Jce » Version: 2.6.27

cpe:2.3:a:widgetfactorylimited:jce:2.6.27
Widgetfactorylimited » Jce » Version: 2.6.28

cpe:2.3:a:widgetfactorylimited:jce:2.6.28
Widgetfactorylimited » Jce » Version: 2.6.29

cpe:2.3:a:widgetfactorylimited:jce:2.6.29
Widgetfactorylimited » Jce » Version: 2.6.3

cpe:2.3:a:widgetfactorylimited:jce:2.6.3
Widgetfactorylimited » Jce » Version: 2.6.30

cpe:2.3:a:widgetfactorylimited:jce:2.6.30
Widgetfactorylimited » Jce » Version: 2.6.31

cpe:2.3:a:widgetfactorylimited:jce:2.6.31
Widgetfactorylimited » Jce » Version: 2.6.32

cpe:2.3:a:widgetfactorylimited:jce:2.6.32
Widgetfactorylimited » Jce » Version: 2.6.33

cpe:2.3:a:widgetfactorylimited:jce:2.6.33
Widgetfactorylimited » Jce » Version: 2.6.34

cpe:2.3:a:widgetfactorylimited:jce:2.6.34
Widgetfactorylimited » Jce » Version: 2.6.35

cpe:2.3:a:widgetfactorylimited:jce:2.6.35
Widgetfactorylimited » Jce » Version: 2.6.36

cpe:2.3:a:widgetfactorylimited:jce:2.6.36
Widgetfactorylimited » Jce » Version: 2.6.37

cpe:2.3:a:widgetfactorylimited:jce:2.6.37
Widgetfactorylimited » Jce » Version: 2.6.38

cpe:2.3:a:widgetfactorylimited:jce:2.6.38
Widgetfactorylimited » Jce » Version: 2.6.4

cpe:2.3:a:widgetfactorylimited:jce:2.6.4
Widgetfactorylimited » Jce » Version: 2.6.5

cpe:2.3:a:widgetfactorylimited:jce:2.6.5
Widgetfactorylimited » Jce » Version: 2.6.6

cpe:2.3:a:widgetfactorylimited:jce:2.6.6
Widgetfactorylimited » Jce » Version: 2.6.7

cpe:2.3:a:widgetfactorylimited:jce:2.6.7
Widgetfactorylimited » Jce » Version: 2.6.7.1

cpe:2.3:a:widgetfactorylimited:jce:2.6.7.1
Widgetfactorylimited » Jce » Version: 2.6.8

cpe:2.3:a:widgetfactorylimited:jce:2.6.8
Widgetfactorylimited » Jce » Version: 2.6.9

cpe:2.3:a:widgetfactorylimited:jce:2.6.9
Widgetfactorylimited » Jce » Version: 2.7.0

cpe:2.3:a:widgetfactorylimited:jce:2.7.0
Widgetfactorylimited » Jce » Version: 2.7.1

cpe:2.3:a:widgetfactorylimited:jce:2.7.1
Widgetfactorylimited » Jce » Version: 2.7.10

cpe:2.3:a:widgetfactorylimited:jce:2.7.10
Widgetfactorylimited » Jce » Version: 2.7.11

cpe:2.3:a:widgetfactorylimited:jce:2.7.11
Widgetfactorylimited » Jce » Version: 2.7.12

cpe:2.3:a:widgetfactorylimited:jce:2.7.12
Widgetfactorylimited » Jce » Version: 2.7.13

cpe:2.3:a:widgetfactorylimited:jce:2.7.13
Widgetfactorylimited » Jce » Version: 2.7.14

cpe:2.3:a:widgetfactorylimited:jce:2.7.14
Widgetfactorylimited » Jce » Version: 2.7.15

cpe:2.3:a:widgetfactorylimited:jce:2.7.15
Widgetfactorylimited » Jce » Version: 2.7.16

cpe:2.3:a:widgetfactorylimited:jce:2.7.16
Widgetfactorylimited » Jce » Version: 2.7.17

cpe:2.3:a:widgetfactorylimited:jce:2.7.17
Widgetfactorylimited » Jce » Version: 2.7.18

cpe:2.3:a:widgetfactorylimited:jce:2.7.18
Widgetfactorylimited » Jce » Version: 2.7.19

cpe:2.3:a:widgetfactorylimited:jce:2.7.19
Widgetfactorylimited » Jce » Version: 2.7.2

cpe:2.3:a:widgetfactorylimited:jce:2.7.2
Widgetfactorylimited » Jce » Version: 2.7.20

cpe:2.3:a:widgetfactorylimited:jce:2.7.20
Widgetfactorylimited » Jce » Version: 2.7.3

cpe:2.3:a:widgetfactorylimited:jce:2.7.3
Widgetfactorylimited » Jce » Version: 2.7.4

cpe:2.3:a:widgetfactorylimited:jce:2.7.4
Widgetfactorylimited » Jce » Version: 2.7.5

cpe:2.3:a:widgetfactorylimited:jce:2.7.5
Widgetfactorylimited » Jce » Version: 2.7.6

cpe:2.3:a:widgetfactorylimited:jce:2.7.6
Widgetfactorylimited » Jce » Version: 2.7.7

cpe:2.3:a:widgetfactorylimited:jce:2.7.7
Widgetfactorylimited » Jce » Version: 2.7.8

cpe:2.3:a:widgetfactorylimited:jce:2.7.8
Widgetfactorylimited » Jce » Version: 2.7.9

cpe:2.3:a:widgetfactorylimited:jce:2.7.9
Widgetfactorylimited » Jce » Version: 2.8.0

cpe:2.3:a:widgetfactorylimited:jce:2.8.0
Widgetfactorylimited » Jce » Version: 2.8.1

cpe:2.3:a:widgetfactorylimited:jce:2.8.1
Widgetfactorylimited » Jce » Version: 2.8.10

cpe:2.3:a:widgetfactorylimited:jce:2.8.10
Widgetfactorylimited » Jce » Version: 2.8.11

cpe:2.3:a:widgetfactorylimited:jce:2.8.11
Widgetfactorylimited » Jce » Version: 2.8.12

cpe:2.3:a:widgetfactorylimited:jce:2.8.12
Widgetfactorylimited » Jce » Version: 2.8.13

cpe:2.3:a:widgetfactorylimited:jce:2.8.13
Widgetfactorylimited » Jce » Version: 2.8.14

cpe:2.3:a:widgetfactorylimited:jce:2.8.14
Widgetfactorylimited » Jce » Version: 2.8.15

cpe:2.3:a:widgetfactorylimited:jce:2.8.15
Widgetfactorylimited » Jce » Version: 2.8.16

cpe:2.3:a:widgetfactorylimited:jce:2.8.16
Widgetfactorylimited » Jce » Version: 2.8.17

cpe:2.3:a:widgetfactorylimited:jce:2.8.17
Widgetfactorylimited » Jce » Version: 2.8.18

cpe:2.3:a:widgetfactorylimited:jce:2.8.18
Widgetfactorylimited » Jce » Version: 2.8.2

cpe:2.3:a:widgetfactorylimited:jce:2.8.2
Widgetfactorylimited » Jce » Version: 2.8.3

cpe:2.3:a:widgetfactorylimited:jce:2.8.3
Widgetfactorylimited » Jce » Version: 2.8.4

cpe:2.3:a:widgetfactorylimited:jce:2.8.4
Widgetfactorylimited » Jce » Version: 2.8.5

cpe:2.3:a:widgetfactorylimited:jce:2.8.5
Widgetfactorylimited » Jce » Version: 2.8.6

cpe:2.3:a:widgetfactorylimited:jce:2.8.6
Widgetfactorylimited » Jce » Version: 2.8.7

cpe:2.3:a:widgetfactorylimited:jce:2.8.7
Widgetfactorylimited » Jce » Version: 2.8.8

cpe:2.3:a:widgetfactorylimited:jce:2.8.8
Widgetfactorylimited » Jce » Version: 2.8.9

cpe:2.3:a:widgetfactorylimited:jce:2.8.9
Widgetfactorylimited » Jce » Version: 2.9.0

cpe:2.3:a:widgetfactorylimited:jce:2.9.0
Widgetfactorylimited » Jce » Version: 2.9.1

cpe:2.3:a:widgetfactorylimited:jce:2.9.1
Widgetfactorylimited » Jce » Version: 2.9.10

cpe:2.3:a:widgetfactorylimited:jce:2.9.10
Widgetfactorylimited » Jce » Version: 2.9.11

cpe:2.3:a:widgetfactorylimited:jce:2.9.11
Widgetfactorylimited » Jce » Version: 2.9.12

cpe:2.3:a:widgetfactorylimited:jce:2.9.12
Widgetfactorylimited » Jce » Version: 2.9.14

cpe:2.3:a:widgetfactorylimited:jce:2.9.14
Widgetfactorylimited » Jce » Version: 2.9.15

cpe:2.3:a:widgetfactorylimited:jce:2.9.15
Widgetfactorylimited » Jce » Version: 2.9.16

cpe:2.3:a:widgetfactorylimited:jce:2.9.16
Widgetfactorylimited » Jce » Version: 2.9.17

cpe:2.3:a:widgetfactorylimited:jce:2.9.17
Widgetfactorylimited » Jce » Version: 2.9.2

cpe:2.3:a:widgetfactorylimited:jce:2.9.2
Widgetfactorylimited » Jce » Version: 2.9.3

cpe:2.3:a:widgetfactorylimited:jce:2.9.3
Widgetfactorylimited » Jce » Version: 2.9.30

cpe:2.3:a:widgetfactorylimited:jce:2.9.30
Widgetfactorylimited » Jce » Version: 2.9.31

cpe:2.3:a:widgetfactorylimited:jce:2.9.31
Widgetfactorylimited » Jce » Version: 2.9.32

cpe:2.3:a:widgetfactorylimited:jce:2.9.32
Widgetfactorylimited » Jce » Version: 2.9.33

cpe:2.3:a:widgetfactorylimited:jce:2.9.33
Widgetfactorylimited » Jce » Version: 2.9.34

cpe:2.3:a:widgetfactorylimited:jce:2.9.34
Widgetfactorylimited » Jce » Version: 2.9.35

cpe:2.3:a:widgetfactorylimited:jce:2.9.35
Widgetfactorylimited » Jce » Version: 2.9.36

cpe:2.3:a:widgetfactorylimited:jce:2.9.36
Widgetfactorylimited » Jce » Version: 2.9.37

cpe:2.3:a:widgetfactorylimited:jce:2.9.37
Widgetfactorylimited » Jce » Version: 2.9.38

cpe:2.3:a:widgetfactorylimited:jce:2.9.38
Widgetfactorylimited » Jce » Version: 2.9.39

cpe:2.3:a:widgetfactorylimited:jce:2.9.39
Widgetfactorylimited » Jce » Version: 2.9.4

cpe:2.3:a:widgetfactorylimited:jce:2.9.4
Widgetfactorylimited » Jce » Version: 2.9.40

cpe:2.3:a:widgetfactorylimited:jce:2.9.40
Widgetfactorylimited » Jce » Version: 2.9.41

cpe:2.3:a:widgetfactorylimited:jce:2.9.41
Widgetfactorylimited » Jce » Version: 2.9.5

cpe:2.3:a:widgetfactorylimited:jce:2.9.5
Widgetfactorylimited » Jce » Version: 2.9.50

cpe:2.3:a:widgetfactorylimited:jce:2.9.50
Widgetfactorylimited » Jce » Version: 2.9.51

cpe:2.3:a:widgetfactorylimited:jce:2.9.51
Widgetfactorylimited » Jce » Version: 2.9.52

cpe:2.3:a:widgetfactorylimited:jce:2.9.52
Widgetfactorylimited » Jce » Version: 2.9.53

cpe:2.3:a:widgetfactorylimited:jce:2.9.53
Widgetfactorylimited » Jce » Version: 2.9.54

cpe:2.3:a:widgetfactorylimited:jce:2.9.54
Widgetfactorylimited » Jce » Version: 2.9.55

cpe:2.3:a:widgetfactorylimited:jce:2.9.55
Widgetfactorylimited » Jce » Version: 2.9.56

cpe:2.3:a:widgetfactorylimited:jce:2.9.56
Widgetfactorylimited » Jce » Version: 2.9.57

cpe:2.3:a:widgetfactorylimited:jce:2.9.57
Widgetfactorylimited » Jce » Version: 2.9.58

cpe:2.3:a:widgetfactorylimited:jce:2.9.58
Widgetfactorylimited » Jce » Version: 2.9.59

cpe:2.3:a:widgetfactorylimited:jce:2.9.59
Widgetfactorylimited » Jce » Version: 2.9.6

cpe:2.3:a:widgetfactorylimited:jce:2.9.6
Widgetfactorylimited » Jce » Version: 2.9.60

cpe:2.3:a:widgetfactorylimited:jce:2.9.60
Widgetfactorylimited » Jce » Version: 2.9.61

cpe:2.3:a:widgetfactorylimited:jce:2.9.61
Widgetfactorylimited » Jce » Version: 2.9.62

cpe:2.3:a:widgetfactorylimited:jce:2.9.62
Widgetfactorylimited » Jce » Version: 2.9.63

cpe:2.3:a:widgetfactorylimited:jce:2.9.63
Widgetfactorylimited » Jce » Version: 2.9.7

cpe:2.3:a:widgetfactorylimited:jce:2.9.7
Widgetfactorylimited » Jce » Version: 2.9.70

cpe:2.3:a:widgetfactorylimited:jce:2.9.70
Widgetfactorylimited » Jce » Version: 2.9.71

cpe:2.3:a:widgetfactorylimited:jce:2.9.71
Widgetfactorylimited » Jce » Version: 2.9.72

cpe:2.3:a:widgetfactorylimited:jce:2.9.72
Widgetfactorylimited » Jce » Version: 2.9.73

cpe:2.3:a:widgetfactorylimited:jce:2.9.73
Widgetfactorylimited » Jce » Version: 2.9.74

cpe:2.3:a:widgetfactorylimited:jce:2.9.74
Widgetfactorylimited » Jce » Version: 2.9.75

cpe:2.3:a:widgetfactorylimited:jce:2.9.75
Widgetfactorylimited » Jce » Version: 2.9.76

cpe:2.3:a:widgetfactorylimited:jce:2.9.76
Widgetfactorylimited » Jce » Version: 2.9.77

cpe:2.3:a:widgetfactorylimited:jce:2.9.77
Widgetfactorylimited » Jce » Version: 2.9.78

cpe:2.3:a:widgetfactorylimited:jce:2.9.78
Widgetfactorylimited » Jce » Version: 2.9.79

cpe:2.3:a:widgetfactorylimited:jce:2.9.79
Widgetfactorylimited » Jce » Version: 2.9.8

cpe:2.3:a:widgetfactorylimited:jce:2.9.8
Widgetfactorylimited » Jce » Version: 2.9.80

cpe:2.3:a:widgetfactorylimited:jce:2.9.80
Widgetfactorylimited » Jce » Version: 2.9.81

cpe:2.3:a:widgetfactorylimited:jce:2.9.81
Widgetfactorylimited » Jce » Version: 2.9.82

cpe:2.3:a:widgetfactorylimited:jce:2.9.82
Widgetfactorylimited » Jce » Version: 2.9.83

cpe:2.3:a:widgetfactorylimited:jce:2.9.83
Widgetfactorylimited » Jce » Version: 2.9.84

cpe:2.3:a:widgetfactorylimited:jce:2.9.84
Widgetfactorylimited » Jce » Version: 2.9.85

cpe:2.3:a:widgetfactorylimited:jce:2.9.85
Widgetfactorylimited » Jce » Version: 2.9.86

cpe:2.3:a:widgetfactorylimited:jce:2.9.86
Widgetfactorylimited » Jce » Version: 2.9.87

cpe:2.3:a:widgetfactorylimited:jce:2.9.87
Widgetfactorylimited » Jce » Version: 2.9.88

cpe:2.3:a:widgetfactorylimited:jce:2.9.88
Widgetfactorylimited » Jce » Version: 2.9.88.1

cpe:2.3:a:widgetfactorylimited:jce:2.9.88.1
Widgetfactorylimited » Jce » Version: 2.9.89

cpe:2.3:a:widgetfactorylimited:jce:2.9.89
Widgetfactorylimited » Jce » Version: 2.9.9

cpe:2.3:a:widgetfactorylimited:jce:2.9.9
Widgetfactorylimited » Jce » Version: 2.9.90

cpe:2.3:a:widgetfactorylimited:jce:2.9.90
Widgetfactorylimited » Jce » Version: 2.9.91

cpe:2.3:a:widgetfactorylimited:jce:2.9.91
Widgetfactorylimited » Jce » Version: 2.9.92

cpe:2.3:a:widgetfactorylimited:jce:2.9.92
Widgetfactorylimited » Jce » Version: 2.9.93

cpe:2.3:a:widgetfactorylimited:jce:2.9.93
Widgetfactorylimited » Jce » Version: 2.9.94

cpe:2.3:a:widgetfactorylimited:jce:2.9.94
Widgetfactorylimited » Jce » Version: 2.9.95

cpe:2.3:a:widgetfactorylimited:jce:2.9.95
Widgetfactorylimited » Jce » Version: 2.9.96

cpe:2.3:a:widgetfactorylimited:jce:2.9.96
Widgetfactorylimited » Jce » Version: 2.9.97

cpe:2.3:a:widgetfactorylimited:jce:2.9.97
Widgetfactorylimited » Jce » Version: 2.9.98

cpe:2.3:a:widgetfactorylimited:jce:2.9.98
Widgetfactorylimited » Jce » Version: 2.9.99

cpe:2.3:a:widgetfactorylimited:jce:2.9.99
Widgetfactorylimited » Jce » Version: 2.9.99.1

cpe:2.3:a:widgetfactorylimited:jce:2.9.99.1
Widgetfactorylimited » Jce » Version: 2.9.99.2

cpe:2.3:a:widgetfactorylimited:jce:2.9.99.2
Widgetfactorylimited » Jce » Version: 2.9.99.3

cpe:2.3:a:widgetfactorylimited:jce:2.9.99.3
Widgetfactorylimited » Jce » Version: 2.9.99.4

cpe:2.3:a:widgetfactorylimited:jce:2.9.99.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-48907

Products

Pricing

Contact Us