I opened this ticket because, reading my server logs, I immediately noticed the anomaly and immediately suggested solutions.
A file needed fixing, and that was the immediate solution.
I haven't taken any further action, but since I'm receiving all the changes, I've read the frustrations of some users complaining about the vulnerability and, according to them, the late fix provided by the Joomshaper team.
While I disagree, considering that Joomshaper immediately released a security patch, some important considerations need to be made.
While it's true that the vulnerability was present, it was immediately explained how to check if the website had been compromised.
Reading the many comments, I've realized that many have confused the vulnerability in PBuilder, JCE, and even other components.
This is unfair to the Joomshaper team, which is quick to respond to powerful software like PageBuilder (or the Helix framework).
Beyond all this, however, it must also be said that some of the breaches I've read about are also due to the poor security of the servers hosting the various web projects.
I would advise those who manage server settings, at a system level, to adopt some strategies that are simple to implement on Linux and that effectively prevent the execution of malicious files injected into the hosting space.
A mistake, for example, is to allow PHP or executable files to run in the /images or /media folders. This is a mistake, given that Joomla developers teach that nothing, even custom-built components, should be placed in those folders.
Often, when a site is compromised, these are the first folders used to write malicious code; blocking those folders is already an excellent deterrent.
Second, use server-side systems that periodically, even daily, scan all websites hosting Joomla or other CMS installations.
There are many other solutions that can protect you, but it's difficult to assume that software like PageBuilder alone is safe from all malicious processes.