SecurityWeek ·EN-US News source Exploited in the wildJoomla Content Editor (JCE) ProLiteSpeed cPanel user-end pluginJoomla Widget Factory JCE
Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
CVE Tools coverage
Attackers are exploiting security weaknesses in Joomla’s Content Editor (JCE) and the LiteSpeed cPanel plugin to gain code execution and escalate privileges. Joomla JCE Pro versions before 2.9.99.5 are affected by CVE-2026-48907, enabling unauthenticated abuse to upload arbitrary files and run PHP code; fixes were released in 2.9.99.5 and strengthened again in 2.9.99.6. Separately, LiteSpeed’s user-end cPanel plugin versions before 2.4.8 are impacted by CVE-2026-54420, where improper symlink handling can let attackers escalate to root on shared hosting running CloudLinux/CageFS; both issues have been added to CISA’s KEV catalog, underscoring the urgency to patch.