PT-2026-51135 · Joomla · Wp Page Builder
Phil Taylor
·
Published
2026-06-20
·
Updated
2026-07-08
·
CVE-2026-48908
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red |
Name of the Vulnerable Software and Affected Versions
SP Page Builder extension for Joomla versions 1.0.0 through 6.6.1
Description
A flaw allows unauthenticated users to upload arbitrary files, which can lead to the upload and execution of PHP code. This issue has been actively exploited in real-world incidents, with approximately 194,793 web properties observed loading the component.
Recommendations
Update to version 6.6.2.
Fix
RCE
Unrestricted File Upload
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wp Page Builder