Critical Drupal Vulnerabilities Announced: Update Now.

Critical Drupal Vulnerabilities Announced: Update Now.

Share this article

A critical vulnerability is being exploited in Drupal, a popular Content Management System (CMS), since April 2018. If you run a Drupal website, please update it immediately.

About Drupal’s Critical Vulnerabilities: CVE-2018-7602 and CVE-2018-7600

Both vulnerabilities are rated Highly Critical. Hackers can exploit these vulnerabilities to gain complete access to your website and hosting account. All modern versions of Drupal are affected including Drupal 6, 7 and 8.

Information about both vulnerabilities are available on Drupal's website:


How can I secure my Drupal website?

Please update your Drupal installation to the latest available version. The upgrade process may depend on your current Drupal version and may require a developer's or technician's intervention.

Before You Update

Always back up your current installation, including files and database, before any important update.

What else can I do to protect myself?

Drupal reports that "this vulnerability [CVE-2018-7602] is being exploited in the wild." which means that there are known cases of this vulnerability having been already exploited in production environments by hackers.

This is worrying as your website could potentially be compromised without any obvious signs. More worrisome is that hackers often wait up to a year to activate the malicious code so that patches and backups are limited in their effectiveness.

WHC's SiteSafe Protection service can be used to perform a deep scan to identify any compromised installations and clean them, as well as identify hidden vulnerabilities. To facilitate and encourage its adoption, Web Hosting Canada users can benefit from a 20% discount on SiteSafe Protection this month. Use the code DRUPALSITESAFE20 when ordering to automatically receive the discount.

Stay Safe,
The Team at WHC

About the author: Marc Pilon

Marc is the SEO Copywriter, Research Analyst, Marketer and Boardgame Wizard at WHC. He focuses on everything from developing new online growth strategies, content creation, technical SEO, and outreach within the community.

See all articles from this author Interested in writing for Web Hosting Canada?
Web Hosting Canada manages fast and reliable online infrastructure with 24/7 support. Learn more about WHC