Security updates in Wordpress 4.9.4, Joomla! 3.8.5 and Drupal 8.4.5 & 7.57
Following security issues have arisen in CMSs and taking measures in order to maintain safe may be necessary.
Recent security issues in CMSs
- Wordpress
- XSS vulnerability in Flash fallback files (Versions <4.9.2) - CVE-2018-5776
- Joomla!
- Core - XSS vulnerability in module chromes (Versions 3.0.0 - 3.8.3) - CVE-2018-6380
- Core - XSS vulnerability in com_fields (Versions 3.7.0 - 3.8.3) - CVE-2018-6377
- Core - XSS vulnerability in Uri class (Versions 1.5.0 - 3.8.3) - CVE-2018-6379
- Core - SQLi vulnerability in Hathor postinstall message (Versions 3.7.0 - 3.8.3) - CVE-2018-6376
- Drupal
- Critical - Core - Multiple Vulnerabilities (Versions <8.4.5 & <7.57) - SA-CORE-2018-001
- Critical - Core - Multiple Vulnerabilities (Versions <8.4.5 & <7.57) - SA-CORE-2018-001
Latest CMS releases
- Wordpress 4.9.4 since January 2018
- Joomla! 3.8.5 του since February 2018
- Drupal 8.4.5 & 7.57 since February 2018
Note: In case you are using Wordpress, version 4.9.3 included a bug which broke WordPress auto-update. That means that the system will NOT be able to update from 4.9.3 to future versions automatically. You have to manually upgrade to version 4.9.4 in which the auto-upate feature have been restored.
Post date:
Thursday, March 1, 2018 - 13:41