CVE-2026-49049

HIGH 7.5

Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.

CWE	CWE-284
Vendor	joomshaper.com
Product	helix3 extension for joomla
Published	Jun 29, 2026
Last Updated	Jun 29, 2026

Stay Ahead of the Next One

Get instant alerts for joomshaper.com helix3 extension for joomla

Be the first to know when new high vulnerabilities affecting joomshaper.com helix3 extension for joomla are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

joomshaper.com / Helix3 extension for Joomla

1.0-3.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

joomshaper.com: https://www.joomshaper.com/

Credits

Phil Taylor