Several plugins for the content management system (CMS) Drupal have vulnerabilities. In the worst case, malicious code can get onto websites. Security updates are available.
Advertisement
The secured versions
As can be seen from the warning messages linked below this post, the following plugins have security issues:
- ACL secured versions 7.x-1.4, 8.x-1.0
- Config Pages secured version 8.x-2.9
- Data field secured version 1.0.16
- Flexi Access secured version 7.x-1.3
- Forum Access secured versions 7.x-1.6, 8.x-1.0
- SafeDelete Safe Version 1.0.44
- Shorthand Safe Version 4.0.3
Critical malicious code vulnerabilities
The developers classify four vulnerabilities as “critical” a. The CVE numbers are not mentioned in the alerts. In these cases, attackers can circumvent access restrictions (shorthand) or execute malicious code based on the way user input is processed (ACL, Flexi Access and Forum Access). How attacks could proceed in detail is not known at this point in time.
List sorted by threat level in descending order:
Advertisement
(of)