Security researchers and software vendors warn that attackers are actively exploiting vulnerabilities in both Joomla and the LiteSpeed cPanel plugin, posing significant risks to website administrators and shared hosting environments. 

One of the most urgent issues is CVE-2026-48907, a critical vulnerability affecting the Joomla Content Editor (JCE). The flaw stems from an improper access-control weakness that allows unauthenticated attackers to upload editor profiles and, ultimately, execute arbitrary PHP code on vulnerable servers. Security experts say threat actors are already abusing the bug in real-world attacks. 

The JCE security update was first released on June 3, 2026, with JCE...