Security Alert: Highly critical vulnerability in Drupal core


The Drupal security team announced on March 28th, 2018 that a highly critical vulnerability in Drupal core. This vulnerability allows a a hacker to use multiple attacks to gain complete control of a Drupal CMS website. The Drupal security team estimates that about 9% of all Drupal sites are affected which equates to over one million websites.

Normally we do not cover Drupal vulnerability alerts, but given the severity, we feel that it is always good to let people know and help spread the word.

Drupal website owners should upgrade to a patched version of Drupal immediately. The announcement will surely attract the attention of attackers.

Here is a high-level summary of the versions impacted and recommended actions:

  • Sites running Drupal 8.x should update to version 8.5.1
  • Sites running Drupal 7.x should update to version 7.58
  • There are patches available for 8.3.x and 8.2.x versions
  • Sites running end of life versions will need to upgrade to a supported version of Drupal

A more detailed overview of upgrade recommendations from the Drupal security team is available on Drupal.org. They have also published a detailed FAQ.

This attack has been nicknamed “Drupalgeddon 2.” The previous Drupalgeddon was as high in severity as this on is, and had automated attacks against unpatched Drupal sites within a matter of hours after the vulnerability was made public.

You can read more about this vulnerability at https://www.drupal.org/sa-core-2018-002

How to increase event attendance by up to 30 perce...
Event Registration Pro Calendar For Wordpress Is H...

Don’t miss any updates and notifications of our new Joomla extensions and all the special discounts we have for you.

We never spam!

Back To Top