Following security issues have arisen in CMSs and taking measures in order to maintain safe may be necessary.

Recent security issues in CMSs

• Wordpress
  • XSS vulnerability in Flash fallback files (Versions <4.9.2) - CVE-2018-5776

• Joomla!
  • Core - XSS vulnerability in module chromes (Versions 3.0.0 - 3.8.3) - CVE-2018-6380
  • Core - XSS vulnerability in com_fields (Versions 3.7.0 - 3.8.3) - CVE-2018-6377
  • Core - XSS vulnerability in Uri class (Versions 1.5.0 - 3.8.3) - CVE-2018-6379
  • Core - SQLi vulnerability in Hathor postinstall message (Versions 3.7.0 - 3.8.3) - CVE-2018-6376

• Drupal
  • Critical - Core - Multiple Vulnerabilities (Versions <8.4.5 & <7.57) - SA-CORE-2018-001
    

     

Latest CMS releases

• Wordpress 4.9.4 since January 2018
• Joomla! 3.8.5 του  since February 2018
• Drupal 8.4.5 & 7.57 since February 2018

Note: In case you are using Wordpress, version 4.9.3 included a bug which broke WordPress auto-update. That means that the system will NOT be able to update from 4.9.3 to future versions automatically. You have to manually upgrade to version 4.9.4 in which the auto-upate feature have been restored.