Security & supply chainSP Page Builder ships a one-file controller patch in 6.6.2, and the locked support thread is a reminder that patching isn't cleanup
JoomShaper has published the verbatim fix for a vulnerable controller endpoint in its SP Page Builder Joomla extension as a public GitHub gist, after issuing the same fix bundled in v6.6.2. The thread that hosts the patch is locked, and the comments under it are the real story: agencies reporting client sites already compromised, with the update closing the door behind attackers who walked in last week.