Hello,
We understand your concern. However, the log entries you're seeing do not indicate that SP Page Builder 6.6.2 is causing these attacks.
The requests shown in your logs are automated attempts from bots scanning the internet for known endpoints, such as:
com_sppagebuilder&task=asset.uploadCustomIcon
com_ajax&plugin=helix3
com_jce
These scans are common and occur regardless of whether a site is vulnerable or fully up to date. The important point is that your security solution is reporting them as blocked, which means the attacks were prevented successfully.
Please make sure you have installed the latest versions of both SP Page Builder and Helix3, as they contain the necessary security fixes for the recently disclosed vulnerabilities.
Please also note that the com_jce requests are not related to JoomShaper. They are targeting the JCE extension and are unrelated to SP Page Builder or Helix3.
Since the vulnerabilities were publicly disclosed, attackers have been actively scanning the internet for websites that have not yet been updated. As a result, it is expected to continue seeing automated attack attempts against these endpoints, even after your site has been patched. Updating your extensions protects your site from the known vulnerabilities, but it does not prevent bots from attempting to access these URLs.
As long as the requests continue to be blocked and you are running the latest versions of SP Page Builder and Helix3, there is no indication from these logs that your site has been compromised.
If you notice any successful exploitation, unexpected file changes, or suspicious behavior beyond these blocked requests, please let us know and we'll be happy to investigate further.