
JoomShaper SP Page Builder
A Joomla content-management page-builder extension.
Last refreshed: 14 July 2026 · Appears in 1 active topic
What makes a Joomla page-builder plugin worth CISA's attention?
Timeline for JoomShaper SP Page Builder
Mentioned in: A quiet KEV fortnight, then a 2008 bug
Cybersecurity: Threats and DefencesWhat is JoomShaper SP Page Builder?
When was the SP Page Builder vulnerability added to CISA's KEV list?
Background
JoomShaper SP Page Builder is a drag-and-drop page-building extension for the Joomla content-management system, letting site operators design pages visually without writing template code. Extensions like it are core to Joomla's appeal, but they also widen the attack surface of any site that installs them, since a flaw in the extension can compromise the whole site regardless of how well-maintained Joomla's core is.
A KEV-listed vulnerability in JoomShaper SP Page Builder was added to CISA's Known Exploited Vulnerabilities catalogue on 7 July 2026, one of four Joomla-ecosystem extensions affected in the same fortnight alongside iCagenda, Balbooa Forms and a Widget Factory package. The cluster illustrates how the plugin layer, rather than Joomla's core, has become the more frequent source of actively exploited flaws for defenders to track.