
Drupal Aid
@drupalaid
Drupal Support and Maintenance Services. We provide Unlimited support, proactive monthly maintenance, and small jobs. Visit us at https://www.drupalaid.com
You might like
Just released: #Drupal security updates (contrib): Reverse Proxy Header <1.1.2 Currency <3.5.0 Umami Analytics <1.0.1 Access code <2.0.5 Plausible tracking <1.0.2 JSON Field <1.5
#Drupal security update released for Acquia DAM module. Issue: Access bypass & info disclosure Affected: < 1.1.5 Fix: Update to 1.1.5 Only needed if Acquia DAM is installed

#Drupal security updates released: Authenticator Login <2.1.8 → 2.1.8 (Access bypass) Facets <2.0.10 / 3.0.0–<3.0.1 → 2.0.10/3.0.1 (Info disclosure, XSS) Protected Pages <1.8.0 → 1.8.0 (Access bypass) Upgrade if these modules are installed.
#Drupal security updates were just released. • Layout Builder Advanced Permissions – Moderately critical – Access bypass – If using 2.2.0, upgrade to 2.2.1 • Authenticator Login – Highly critical – Access bypass – If using <2.1.4, upgrade to 2.1.5
#Drupal security update just released. If you're using the AI SEO Link Advisor module (version below 1.0.6), there's a Server-side Request Forgery vulnerability. Only affects sites where users have the "access seo analyzer" permission. Update to 1.0.6 if this applies to you.
#Drupal security updates were just released. If your site uses either of these modules, update now: • Google Tag Manager (gtm) <8.x-1.10 • Config Pages <8.x-2.18
#Drupal security update released A moderately critical XSS vulnerability (CVE-2025-8092) affects the COOKiES Consent Management module. 🔹 Affected: versions < 1.2.16 🔹 Applies only if using the COOKiES Video submodule 🔹 Fix: update to 1.2.16 More: drupal.org/sa-contrib-202…
#Drupal security updates: • Real-Time SEO <2.2.0 → 8.x-2.2 (XSS) • Block Attributes <1.1.0 & 2.0.0-<2.0.1 → 8.x-1.1 / 2.0.1 (XSS) • File Download <1.9.0 & 2.0.0-<2.0.1 → 8.x-1.9 / 2.0.1 (access bypass) All mod-critical—upgrade if these modules are on your Drupal 10 site.
#Drupal security update(s) were just released. - A critical fix for Mail Login (CVE-2025-7393) affecting versions >3.0.0. - Also, a moderately critical XSS fix for Cookies Addons (CVE-2025-7392) up to 1.2.4

#Drupal security updates were just released. Config Pages Viewer (<1.0.4): critical access bypass – upgrade to 1.0.4. Two-factor Authentication (<1.11.0): less-critical access bypass – upgrade to 8.x-1.11. If you use these modules on your site, update them now.
#Drupal security updates just released! Multiple vulnerabilities: Enterprise MFA (CRITICAL - access bypass) Paragraphs table (XSS) Simple XML sitemap (XSS) CKEditor5 Youtube (XSS) Klaro Cookie Management (XSS) Open Social (CSRF) GLightbox (XSS) Toc.js (XSS)
#Drupal security updates were just released. Several contrib modules have moderately critical vulnerabilities, mostly involving XSS. COOKiES (<1.2.15) etracker (<3.1.0) Simple Klaro (<1.10.0) EU Cookie Compliance (<1.26.0) Bookable Calendar (<2.2.13) Update now.
#Drupal security updates just dropped: ▪️ Quick Node Block <2.0.0 – Access bypass ▪️ Commerce Eurobank <2.1.1 – Access bypass ▪️ Commerce Alphabank <1.0.3 – Access bypass ▪️ Admin Audit Trail <1.0.5 – DoS ▪️ Lightgallery <1.6.0 – XSS Update if you're using any of these modules.
#Drupal security updates were just released. Update if installed: • One Time Password (<1.3.0) • Single Content Sync (<1.4.12) • Events Log Track (<3.1.11 or ≥4.0.0 & <4.0.2) • Piwik PRO (<1.3.2) • Advanced File Destination module is losing coverage—review immediately.
#Drupal security updates just dropped. If you use these, update now: 🔒 Enterprise MFA - TFA (<4.7.0, 5.0.*, <5.2.0) 🔒 Restrict route by IP (<1.3.0) ⚠️ IFrame Remove Filter (<2.0.5) ⚠️ Klaro Consent Mgmt (<3.0.5) ⚠️ COOKiES Consent Mgmt (<1.2.14) ⚠️ oEmbed Providers (<2.2.2)
#Drupal security updates just released for Search API Solr, Block Class, and Bootstrap Site Alert. Search API Solr <4.3.9 – CSRF – update to 4.3.10 Block Class 4.0.0–4.0.1 – XSS – update to 4.0.1 Bootstrap Site Alert <1.13.0 / 3.0.0–3.0.4 – XSS – update to 1.13.0 or 3.0.4
#Drupal security updates released: • Stage File Proxy <3.1.5 – DoS vuln if Origin has trailing slash (SA-CONTRIB-2025-035) • baguetteBox.js <2.0.4 or <3.0.1 – XSS vuln via unsanitized text (SA-CONTRIB-2025-034) Upgrade if using affected versions.
#Drupal security updates released! If you're using: Panels (<4.9.0) Gif Player Field (<1.5.0 || 2.0.0-2.0.4) ECA (<1.1.12 || 2.0.0-2.0.16 || 2.1.0-2.1.7) WEB-T (<1.1.0) Upgrade to the latest versions to patch critical vulnerabilities. Stay secure!
#Drupal security updates were just released. If your site uses any of these modules, update now: 🔹 Obfuscate (<2.0.1) – XSS vulnerability 🔹 Access Code (<2.0.4) – Access bypass vulnerability 🔹 TacJS (<6.7.0) – XSS vulnerability
#Drupal security update released A moderately critical XSS vulnerability affects Drupal core. Sites using affected versions should upgrade immediately. Impacted versions: 🔹 10.3.x < 10.3.14 🔹 10.4.x < 10.4.5 🔹 11.0.x < 11.0.13 🔹 11.1.x < 11.1.5

United States Trends
- 1. #AEWWrestleDream 33K posts
- 2. Kentucky 21.9K posts
- 3. #UFCVancouver 27.7K posts
- 4. Arch Manning 2,182 posts
- 5. Sark 3,396 posts
- 6. Christian Gray N/A
- 7. No Kings 1.64M posts
- 8. Notre Dame 12.6K posts
- 9. Lincoln Riley N/A
- 10. Iowa 17.4K posts
- 11. Tennessee 48.2K posts
- 12. Stoops 2,179 posts
- 13. #RollTide 5,114 posts
- 14. Sam Rivers 12.9K posts
- 15. Chito 6,786 posts
- 16. Heupel 1,574 posts
- 17. Brendan Allen 3,038 posts
- 18. CJ Carr 1,347 posts
- 19. Tim Banks N/A
- 20. Jeremiyah Love 1,253 posts
Something went wrong.
Something went wrong.