The Drupal community has released security updates for several modules, Drupal CMS developers reported today. The modules are not part of Drupal core, but all of them are available for download on the Drupal.org website.
Developers reported that a module named “Brilliant Gallery” is vulnerable to an SQL injection attack that can allow access to the administrator account. Drupal developers recommend that users of the module disable the extension, because no patch is available for the package at this time. The Drupal.org website has already removed the extension from its download section.
Another module, “Ajax Checklist”, is vulnerable to SQL injection attacks and is also open to cross-site scripting attacks. Updates for this one are available.
A critical vulnerability was found in the “Plugin Manager” module. It allows any user to uninstall and remove modules from a Drupal system in insecure configurations. An update is available.
The “SimpleNews” and “Stock” modules also have cross-site scripting issues, which are less critical; updates are available for both.