WordPress and Drupal Security Advisories

I wanted a convenient place to reference the latest WordPress and Drupal Security Advisories, so I added the WP RSS Aggregator and then added both the WordPress Security Advisories and Drupal Security Advisories RSS feeds.

WordPress Security Advisories

WP23
Source: Wordpress Security Advisories Published on 2026-05-27
WordPress 6.9.2 Release
Source: Wordpress Security Advisories Published on 2026-03-10
Dropping security updates for WordPress versions 4.1 through 4.6
Source: Wordpress Security Advisories Published on 2025-06-19
Secure Custom Fields
Source: Wordpress Security Advisories Published on 2024-10-12
WP Engine Reprieve
Source: Wordpress Security Advisories Published on 2024-09-27
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Source: Microsoft Security Alerts Published on 2018-01-09
4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-12-12
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-08-08
4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-06-27
4025685 - Guidance related to June 2017 security update release - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-06-13

Drupal Security Advisories

Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Critical - PHP object injection - SA-CORE-2026-005
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Source: Drupal Security Advisories Published on 2026-05-20
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003
Source: Drupal Security Advisories Published on 2026-04-15
Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002
Source: Drupal Security Advisories Published on 2026-04-15
Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
Source: Drupal Security Advisories Published on 2026-04-15
Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
Source: Drupal Security Advisories Published on 2025-11-12
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Source: Microsoft Security Alerts Published on 2018-01-09
4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-12-12
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-08-08
4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-06-27
4025685 - Guidance related to June 2017 security update release - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-06-13

Microsoft Security Advisories

Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006
Source: Drupal Security Advisories Published on 2026-06-17
Drupal core - Critical - PHP object injection - SA-CORE-2026-005
Source: Drupal Security Advisories Published on 2026-06-17
WP23
Source: Wordpress Security Advisories Published on 2026-05-27
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Source: Drupal Security Advisories Published on 2026-05-20
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003
Source: Drupal Security Advisories Published on 2026-04-15
Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002
Source: Drupal Security Advisories Published on 2026-04-15
Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
Source: Drupal Security Advisories Published on 2026-04-15
WordPress 6.9.2 Release
Source: Wordpress Security Advisories Published on 2026-03-10
Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
Source: Drupal Security Advisories Published on 2025-11-12
Dropping security updates for WordPress versions 4.1 through 4.6
Source: Wordpress Security Advisories Published on 2025-06-19
Secure Custom Fields
Source: Wordpress Security Advisories Published on 2024-10-12
WP Engine Reprieve
Source: Wordpress Security Advisories Published on 2024-09-27

Other Links:

Cold Fusion Security Advisories

Java Security Advisories

PHP Security Advisories

MySQL Security Advisories

Amazon AWS Security Advisories

Mozilla Security Advisories

VMWare Security Advisories