WordPress and Drupal Security Advisories

I wanted a convenient place to reference the latest WordPress and Drupal Security Advisories, so I added the WP RSS Aggregator and then added both the WordPress Security Advisories and Drupal Security Advisories RSS feeds.

WordPress Security Advisories

Dropping security updates for WordPress versions 4.1 through 4.6
Source: Wordpress Security Advisories Published on 2025-06-19
Secure Custom Fields
Source: Wordpress Security Advisories Published on 2024-10-12
WP Engine Reprieve
Source: Wordpress Security Advisories Published on 2024-09-27
WP Engine is banned from WordPress.org
Source: Wordpress Security Advisories Published on 2024-09-25
WordPress 6.5.5
Source: Wordpress Security Advisories Published on 2024-06-24
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Source: Microsoft Security Alerts Published on 2018-01-09
4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-12-12
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-08-08
4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-06-27
4025685 - Guidance related to June 2017 security update release - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-06-13

Drupal Security Advisories

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004
Source: Drupal Security Advisories Published on 2025-03-19
Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003
Source: Drupal Security Advisories Published on 2025-02-19
Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002
Source: Drupal Security Advisories Published on 2025-02-19
Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
Source: Drupal Security Advisories Published on 2025-02-19
Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
Source: Drupal Security Advisories Published on 2024-11-20
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Source: Microsoft Security Alerts Published on 2018-01-09
4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-12-12
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-08-08
4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-06-27
4025685 - Guidance related to June 2017 security update release - Version: 1.0
Source: Microsoft Security Alerts Published on 2017-06-13

Microsoft Security Advisories

Dropping security updates for WordPress versions 4.1 through 4.6
Source: Wordpress Security Advisories Published on 2025-06-19
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004
Source: Drupal Security Advisories Published on 2025-03-19
Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003
Source: Drupal Security Advisories Published on 2025-02-19
Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002
Source: Drupal Security Advisories Published on 2025-02-19
Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
Source: Drupal Security Advisories Published on 2025-02-19
Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
Source: Drupal Security Advisories Published on 2024-11-20
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
Source: Drupal Security Advisories Published on 2024-11-20
Secure Custom Fields
Source: Wordpress Security Advisories Published on 2024-10-12
WP Engine Reprieve
Source: Wordpress Security Advisories Published on 2024-09-27
WP Engine is banned from WordPress.org
Source: Wordpress Security Advisories Published on 2024-09-25
WordPress 6.5.5
Source: Wordpress Security Advisories Published on 2024-06-24

Other Links:

Cold Fusion Security Advisories

Java Security Advisories

PHP Security Advisories

MySQL Security Advisories

Amazon AWS Security Advisories

Mozilla Security Advisories

VMWare Security Advisories