PT-2026-51135 · Joomla · Wp Page Builder

Phil Taylor

·

Published

2026-06-20

·

Updated

2026-07-08

·

CVE-2026-48908

CVSS v4.0

10

Critical

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
Name of the Vulnerable Software and Affected Versions SP Page Builder extension for Joomla versions 1.0.0 through 6.6.1
Description A flaw allows unauthenticated users to upload arbitrary files, which can lead to the upload and execution of PHP code. This issue has been actively exploited in real-world incidents, with approximately 194,793 web properties observed loading the component.
Recommendations Update to version 6.6.2.

Fix

RCE

Unrestricted File Upload

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-48908

Affected Products

Wp Page Builder