Security updates in Wordpress 4.9.4, Joomla! 3.8.5 and Drupal 8.4.5 & 7.57

Following security issues have arisen in CMSs and taking measures in order to maintain safe may be necessary.

Recent security issues in CMSs

  • Wordpress
    • XSS vulnerability in Flash fallback files (Versions <4.9.2) - CVE-2018-5776
  • Joomla!
    • Core - XSS vulnerability in module chromes (Versions 3.0.0 - 3.8.3) - CVE-2018-6380
    • Core - XSS vulnerability in com_fields (Versions 3.7.0 - 3.8.3) - CVE-2018-6377
    • Core - XSS vulnerability in Uri class (Versions 1.5.0 - 3.8.3) - CVE-2018-6379
    • Core - SQLi vulnerability in Hathor postinstall message (Versions 3.7.0 - 3.8.3) - CVE-2018-6376
  • Drupal
    • Critical - Core - Multiple Vulnerabilities (Versions <8.4.5 & <7.57) - SA-CORE-2018-001

       

Latest CMS releases

  • Wordpress 4.9.4 since January 2018
  • Joomla! 3.8.5 του  since February 2018
  • Drupal 8.4.5 & 7.57 since February 2018

 

Note: In case you are using Wordpress, version 4.9.3 included a bug which broke WordPress auto-update. That means that the system will NOT be able to update from 4.9.3 to future versions automatically. You have to manually upgrade to version 4.9.4 in which the auto-upate feature have been restored.