Drupal Aid

@drupalaid

Drupal Support and Maintenance Services. We provide Unlimited support, proactive monthly maintenance, and small jobs. Visit us at https://www.drupalaid.com

Just released: #Drupal security updates (contrib):
Reverse Proxy Header <1.1.2
Currency <3.5.0
Umami Analytics <1.0.1
Access code <2.0.5
Plausible tracking <1.0.2
JSON Field <1.5


#Drupal security update released for Acquia DAM module.
Issue: Access bypass & info disclosure
Affected: < 1.1.5
Fix: Update to 1.1.5
Only needed if Acquia DAM is installed

#Drupal security updates released:
Authenticator Login <2.1.8 → 2.1.8 (Access bypass)
Facets <2.0.10 / 3.0.0–<3.0.1 → 2.0.10/3.0.1 (Info disclosure, XSS)
Protected Pages <1.8.0 → 1.8.0 (Access bypass)
Upgrade if these modules are installed.


#Drupal security updates were just released.
• Layout Builder Advanced Permissions – Moderately critical – Access bypass – If using 2.2.0, upgrade to 2.2.1
• Authenticator Login – Highly critical – Access bypass – If using <2.1.4, upgrade to 2.1.5


#Drupal security update just released. If you're using the AI SEO Link Advisor module (version below 1.0.6), there's a Server-side Request Forgery vulnerability. Only affects sites where users have the "access seo analyzer" permission. Update to 1.0.6 if this applies to you.


#Drupal security updates were just released. If your site uses either of these modules, update now:
• Google Tag Manager (gtm) <8.x-1.10
• Config Pages <8.x-2.18


#Drupal security update released
A moderately critical XSS vulnerability (CVE-2025-8092) affects the COOKiES Consent Management module.
🔹 Affected: versions < 1.2.16
🔹 Applies only if using the COOKiES Video submodule
🔹 Fix: update to 1.2.16
More: drupal.org/sa-contrib-202…


#Drupal security updates:
• Real-Time SEO <2.2.0 → 8.x-2.2 (XSS)
• Block Attributes <1.1.0 & 2.0.0-<2.0.1 → 8.x-1.1 / 2.0.1 (XSS)
• File Download <1.9.0 & 2.0.0-<2.0.1 → 8.x-1.9 / 2.0.1 (access bypass)
All mod-critical—upgrade if these modules are on your Drupal 10 site.


#Drupal security update(s) were just released.
- A critical fix for Mail Login (CVE-2025-7393) affecting versions >3.0.0.
- Also, a moderately critical XSS fix for Cookies Addons (CVE-2025-7392) up to 1.2.4

#Drupal security updates were just released. Config Pages Viewer (<1.0.4): critical access bypass – upgrade to 1.0.4. Two-factor Authentication (<1.11.0): less-critical access bypass – upgrade to 8.x-1.11. If you use these modules on your site, update them now.


#Drupal security updates just released! Multiple vulnerabilities:
Enterprise MFA (CRITICAL - access bypass)
Paragraphs table (XSS)
Simple XML sitemap (XSS)
CKEditor5 Youtube (XSS)
Klaro Cookie Management (XSS)
Open Social (CSRF)
GLightbox (XSS)
Toc.js (XSS)


#Drupal security updates were just released. Several contrib modules have moderately critical vulnerabilities, mostly involving XSS.
COOKiES (<1.2.15)
etracker (<3.1.0)
Simple Klaro (<1.10.0)
EU Cookie Compliance (<1.26.0)
Bookable Calendar (<2.2.13)
Update now.


#Drupal security updates just dropped:
▪️ Quick Node Block <2.0.0 – Access bypass
▪️ Commerce Eurobank <2.1.1 – Access bypass
▪️ Commerce Alphabank <1.0.3 – Access bypass
▪️ Admin Audit Trail <1.0.5 – DoS
▪️ Lightgallery <1.6.0 – XSS
Update if you're using any of these modules.


#Drupal security updates were just released. Update if installed:
• One Time Password (<1.3.0)
• Single Content Sync (<1.4.12)
• Events Log Track (<3.1.11 or ≥4.0.0 & <4.0.2)
• Piwik PRO (<1.3.2)
• Advanced File Destination module is losing coverage—review immediately.


#Drupal security updates just dropped. If you use these, update now:
🔒 Enterprise MFA - TFA (<4.7.0, 5.0.*, <5.2.0)
🔒 Restrict route by IP (<1.3.0)
⚠️ IFrame Remove Filter (<2.0.5)
⚠️ Klaro Consent Mgmt (<3.0.5)
⚠️ COOKiES Consent Mgmt (<1.2.14)
⚠️ oEmbed Providers (<2.2.2)


#Drupal security updates just released for Search API Solr, Block Class, and Bootstrap Site Alert.
Search API Solr <4.3.9 – CSRF – update to 4.3.10
Block Class 4.0.0–4.0.1 – XSS – update to 4.0.1
Bootstrap Site Alert <1.13.0 / 3.0.0–3.0.4 – XSS – update to 1.13.0 or 3.0.4


#Drupal security updates released:
• Stage File Proxy <3.1.5 – DoS vuln if Origin has trailing slash (SA-CONTRIB-2025-035)
• baguetteBox.js <2.0.4 or <3.0.1 – XSS vuln via unsanitized text (SA-CONTRIB-2025-034)
Upgrade if using affected versions.


#Drupal security updates released! If you're using:
Panels (<4.9.0)
Gif Player Field (<1.5.0 || 2.0.0-2.0.4)
ECA (<1.1.12 || 2.0.0-2.0.16 || 2.1.0-2.1.7)
WEB-T (<1.1.0)
Upgrade to the latest versions to patch critical vulnerabilities. Stay secure!


#Drupal security updates were just released. If your site uses any of these modules, update now:
🔹 Obfuscate (<2.0.1) – XSS vulnerability
🔹 Access Code (<2.0.4) – Access bypass vulnerability
🔹 TacJS (<6.7.0) – XSS vulnerability


#Drupal security update released
A moderately critical XSS vulnerability affects Drupal core. Sites using affected versions should upgrade immediately.
Impacted versions:
🔹 10.3.x < 10.3.14
🔹 10.4.x < 10.4.5
🔹 11.0.x < 11.0.13
🔹 11.1.x < 11.1.5
