Skip to content
You can now search across every topic, entity and event.What's new
JoomShaper SP Page Builder
Product

JoomShaper SP Page Builder

A Joomla content-management page-builder extension.

Last refreshed: 14 July 2026 · Appears in 1 active topic

Key Question

What makes a Joomla page-builder plugin worth CISA's attention?

Timeline for JoomShaper SP Page Builder

#1014 Jul

Mentioned in: A quiet KEV fortnight, then a 2008 bug

Cybersecurity: Threats and Defences
View full timeline →
Common Questions
What is JoomShaper SP Page Builder?
JoomShaper SP Page Builder is a drag-and-drop visual page-building extension for the Joomla content-management system.
When was the SP Page Builder vulnerability added to CISA's KEV list?
CISA added a KEV-listed vulnerability in JoomShaper SP Page Builder to its catalogue on 7 July 2026, one of four Joomla-ecosystem extensions affected that fortnight.Source: event

Background

JoomShaper SP Page Builder is a drag-and-drop page-building extension for the Joomla content-management system, letting site operators design pages visually without writing template code. Extensions like it are core to Joomla's appeal, but they also widen the attack surface of any site that installs them, since a flaw in the extension can compromise the whole site regardless of how well-maintained Joomla's core is.

A KEV-listed vulnerability in JoomShaper SP Page Builder was added to CISA's Known Exploited Vulnerabilities catalogue on 7 July 2026, one of four Joomla-ecosystem extensions affected in the same fortnight alongside iCagenda, Balbooa Forms and a Widget Factory package. The cluster illustrates how the plugin layer, rather than Joomla's core, has become the more frequent source of actively exploited flaws for defenders to track.