Security updates in Joomla 3.9.6, Drupal 8.7.2 and Wordpress 5.2.1
Following security issues have arisen in CMSs and taking measures in order to maintain safe may be necessary.
Recent security issues in CMSs
- Joomla!
- Core - Object.prototype pollution in JQuery (Version 3.0.0 - 3.9.4) - CVE-2019-11358
- Core - Helpsites refresh endpoint callable for unauthenticated users (Versions 3.2.0 - 3.9.4) - CVE-2019-10946
- Core - Missing ACL check in sample data plugins (Versions 3.8.0 - 3.9.3) - CVE-2019-9713
- Drupal
- Core - 3rd Party Libraries (Versions <7.67, <8.6.16, <8.7.1) - SA-CORE-2019-007
- Core - Cross Site Scripting (Versions <7.66, <8.5.15, <8.6.15) - SA-CORE-2019-006
- Core - Cross Site Scripting (Versions <7.65, <8.5.14, <8.6.13) - SA-CORE-2019-004
- Core - Remote Code Execution (Versions <8.5.11, <8.6.10) - SA-CORE-2019-003
- Core - Arbitrary PHP code execution (Versions <7.62, <8.5.9, <8.6.6) - SA-CORE-2019-002
- Core - 3rd Party Libraries (Versions <7.62, <8.5.9, <8.6.6) - SA-CORE-2019-001
- Wordpress
- Exec Code XSS CSRF (Versions <5.1.1) - CVE-2019-9787
- Exec Code (Versions <4.9.9, <5.1.1) - CVE-2019-8942
- +Info (Versions <4.7.2) - CVE-2017-6514
Latest CMS releases
- Joomla! 3.9.6 since May 2019
- Drupal 8.7.2 since May 2019
- Wordpress 5.2.1 since May 2019
Post date:
Tuesday, May 28, 2019 - 11:01