Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The Webprofiler module provides a way of displaying the Symfony profile debugging tool at the bottom of each page.
The abbr_class Twig filter can be used to bypass the Twig auto-escape feature.
This vulnerability is mitigated by the fact that it is only exposed when the filter is specifically used in a theme to render content that contains an attack vector.
The Flexi Access module will provide a simple and flexible interface to the ACL (Access Control List) module. It will let you set up and mange ACLs naming individual users that are allowed access to a particular node.
The module processes user input in a way that could be unsafe. This can lead to Remote Code Execution via Object Injection.
This module changes your forum administration page to allow you to set forums private. You can control what user roles can view, edit, delete, and post to each forum. You can also give each forum a list of users who have administrative access on that forum (AKA moderators). This module requires the ACL module.
The module processes user input in a way that could be unsafe. This can lead to Remote Code Execution via Object Injection.
This vulnerability is mitigated by the fact that an attacker needs the "administer forums" permission.
Drupal Steward is a web application firewall product that can protect your Drupal sites from highly critical and mass exploitable vulnerabilities, allowing you to update on your own time.