Critical Alert 1 Active Exploit Detected Today

CVE-2026-48907 — Widget Factory Joomla Content Editor Improper Access Control Vulnerability →

Powered by CVE Watchtower

×

CVE Watchtower

← Back to CVE List

CVE-2026-27429NVD

Vulnerability Summary

Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.

Severity Level

CRITICAL(9.8)

Published Date

Jun 16, 2026

Last Modified

Jun 16, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://patchstack.com/database/wordpress/theme/nifty/vulnerability/wordpress-nifty-theme-1-4-1-php-object-injection-vulnerability?_s_id=cve