Drupal is giving developers ample time to prepare for an update that patches a “highly critical” flaw because exploits might be developed within hours or days of disclosure.

Drupal released a point update for its core engine to patch a critical access bypass vulnerability.

Drupal fixed a handful of issues in version 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition.

Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution. Through the critical access bypass vulnerability, the lone fix marked critical, a user could’ve submitted their own...

Developers at WordPress are encouraging users of the content management system to download and apply the most recent update, pushed yesterday, to address a cross-site scripting (XSS) vulnerability. According to WordPress the bug exists in all versions before 4.4 and if exploited, could allow a hacker to take control of an affected website. An independent security researcher based...

Attacks are accelerating against a now-patched Joomla zero-day vulnerability, putting pressure on site administrators to update quickly. The patch was published on Monday, but not before attacks were spotted in the wild and carried out for at least two days, said researchers at security company Sucuri. The zero-day vulnerability affects all Joomla versions from 1.5 to...