The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Widget Factory JCE (Joomla Content Editor) extension to its Known Exploited Vulnerabilities (KEV) catalog, ordering federal civilian agencies to patch it by the deadline set in the catalog entry. The vulnerability, tracked as CVE-2024-56359, carries the maximum CVSS score of 10.0 and, per CISA's criteria for KEV inclusion, has been confirmed to be exploited in the wild.
JCE is a widely deployed WYSIWYG editor for Joomla sites, giving administrators and content authors richer editing, file-management and media-handling features than the stock editor. The flaw affects all JCE releases before the fixed version, so any installation that has not been updated remains exposed. Because the editor is installed on such a large share of Joomla sites, a single bug in it widens the attack surface across the broader web ecosystem.
CVE-2024-56359 lets an unauthenticated remote attacker execute arbitrary code on a vulnerable site with no user interaction and no valid credentials. This is the most severe class of web application bug: code runs with the privileges of the web server process, which is normally enough to read the site's configuration and database credentials, plant a web shell, alter or deface content, and pivot to other systems reachable from the host. With a local privilege escalation on top, it becomes full control of the server.
Inclusion in the KEV catalog means CISA has reliable evidence that threat actors are already using the bug in real attacks, not merely that a proof of concept exists. Under Binding Operational Directive 22-01, federal civilian executive branch agencies must remediate every catalogued vulnerability by its listed due date. For everyone else, the practical reading is the same: working exploit code is in attackers' hands, and internet-facing Joomla sites with JCE should be assumed to be targets of opportunistic scanning.
Organizations running Joomla with JCE should check the installed version immediately and update. In the administrator backend, the version is shown under Extensions > Manage, and Extensions > Update will offer the fixed release if the JCE update server is configured; it can also be read from the component manifest on disk or from the extensions table in the database. Patching alone does not undo an earlier compromise, so sites that were exposed should also review web server logs for unexpected POST requests to JCE endpoints, look for recently created or modified PHP files in upload and media directories, and audit administrator accounts for unfamiliar users or sessions. A web application firewall can buy time while patches roll out, but it is a stopgap and not a substitute for the update.
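One way to do the version check offline, as an added example rather than code from the article, the vendor or CISA: the script below reads the JCE component manifest that Joomla keeps at administrator/components/com_jce/jce.xml and compares its <version> element against the first fixed release. The article does not state the fixed version, so FIXED_VERSION is a placeholder that must be replaced with the number from the vendor's advisory, and the sample manifest is constructed for the demo.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Relative path of the JCE component manifest inside a Joomla root.
# JCE installs as the component com_jce and ships its manifest as jce.xml.
JCE_MANIFEST = Path("administrator/components/com_jce/jce.xml")

# PLACEHOLDER (assumption for the demo): replace with the first fixed JCE
# release named in the vendor advisory for CVE-2024-56359.
FIXED_VERSION = "2.9.99"

# Constructed sample manifest shaped like a Joomla extension manifest.
# The version number is made up for illustration.
SAMPLE_MANIFEST = """<extension type="component" version="3.9" method="upgrade">
    <name>JCE</name>
    <author>Ryan Demmer</author>
    <version>2.9.80</version>
    <description>JCE Editor</description>
</extension>
"""


def parse_version(text):
    """Turn '2.9.80' (or '2.9.80-beta1') into a tuple of ints for comparison.

    Non-numeric suffixes are dropped, so a pre-release of the fixed version
    compares as fixed; treat such builds with suspicion if you run them.
    """
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def version_from_manifest(xml_text):
    """Extract the <version> element from a Joomla extension manifest."""
    root = ET.fromstring(xml_text)
    node = root.find("version")
    if node is None or not node.text:
        raise ValueError("manifest has no <version> element")
    return node.text.strip()


def is_vulnerable(installed, fixed):
    """True when the installed version predates the first fixed release."""
    return parse_version(installed) < parse_version(fixed)


def check_joomla_root(root_dir, fixed_version):
    """Report (installed_version, vulnerable) for the Joomla tree at root_dir.

    Returns (None, False) when JCE is not installed there at all.
    """
    manifest = Path(root_dir) / JCE_MANIFEST
    if not manifest.is_file():
        return None, False
    installed = version_from_manifest(manifest.read_text(encoding="utf-8"))
    return installed, is_vulnerable(installed, fixed_version)


def demo(fixed_version=FIXED_VERSION):
    """Write the constructed manifest into a throwaway Joomla tree and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        manifest = Path(tmp) / JCE_MANIFEST
        manifest.parent.mkdir(parents=True)
        manifest.write_text(SAMPLE_MANIFEST, encoding="utf-8")
        return check_joomla_root(tmp, fixed_version)


if __name__ == "__main__":
    installed, vulnerable = demo()
    print(f"JCE {installed}: {'UPDATE REQUIRED' if vulnerable else 'ok'}")
```

Point check_joomla_root at a real site root (the directory holding configuration.php) to check a live install. The same information is in the database: `SELECT element, manifest_cache FROM <prefix>_extensions WHERE element = 'com_jce'` returns the cached manifest as JSON with a version field, which is useful when the filesystem and database disagree after a botched update.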
Source: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-max-severity-joomla-plugin-flaw-by-friday/