Attention Drupal users! A recent security advisory flags a moderately critical vulnerability in the Mollie for Drupal module. The flaw, related to payment confirmation logic, could expose users to potential exploitation. Discover the recommended updates and secure your online transactions. Read on for essential details on fortifying your Drupal installation against potential risks.
In terms of securing the Drupal installation, the article recommends keeping the core and contributed modules up to date, as well as applying security patches promptly.
The process of loading fonts from the Google CDN used to expose the users’ Personally Identifiable Information (PII) such as IP addresses to Google. German courts have ruled that this leakage amounts to violation of privacy and threatened DXPR theme users with penalties.
According to the release, all Drupal 7 sites on Windows web servers are vulnerable. Drupal 7 sites on Linux web services are vulnerable with certain file directory structure.
The security update aims to address a vulnerability in the Protected Pages module. Anyone using Protected Pages module for Drupal 8/9/10 are advised to install the latest version.
Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials.
The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon (On-site) payment gateway, to correct this you can install the latest version.