Drupal is affected by many serious flaws

Drupal’s maintainers have released urgent updates that resolve several vulnerabilities, including two rated ‘critical’.
We advise you not to ignore these Drupal updates, because both critical flaws allow remote code execution (RCE). The first is in the PHP DefaultMailSystem::mail() backend and affects Drupal core versions 7.x and 8.x.
Although a Drupal spokesperson suggested this wouldn’t be easy to exploit, if a hacker is skilled enough the success is guaranteed.
The second critical flaw, affecting Drupal 8.x, lies in the contextual links module, which does not validate contextual links. To exploit this, a hacker still needs to meet some strict requirements.
Another three flaws are rated as moderate. The most interesting of them is an anonymous open redirect flaw affecting Drupal 8, which was made public in August.
Hackers can use a parameter in the URL to build a link that tricks users into being redirected to a third-party website, exposing those users to potential social engineering attacks.
Remember, everything can be hacked. To stay away from threats in the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
Another problem resolved in this patch is a content moderation access bypass affecting version 8: content moderation fails to check a user’s access to use certain transitions, leading to an access bypass.
To fix this, the developers had to make changes to ModerationStateConstraintValidator, StateTransitionValidationInterface, and user permissions. Be aware that this fix has backwards-compatibility implications in some cases.
Unpatched Drupal sites offer hackers millions of potential targets that can be hacked in a few hours. Don’t think for a second that you will be safe because these flaws are hard to exploit; there are a lot of hackers out there who can find a way to use them against you. Applying these patches should be a priority!
Don’t forget that nobody wants a repeat of the ‘Drupalgeddon 2’ cryptojacking attack from June, in which cybercriminals exploited a months-old flaw, CVE-2018-7600, to mine Monero off the back of sites using the CMS.
If you are running 7.x, upgrade to Drupal 7.60. If you are running 8.6.x, upgrade to Drupal 8.6.2. If you are running 8.5.x or earlier, upgrade to Drupal 8.5.8.
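The upgrade guidance above applied to a site inventory, as an added example that is not from the Drupal project or the original article. The hostnames, the inventory format and the function names are assumptions, and the sample versions are constructed.

```python
import re

# Fixed releases stated in the article, per branch.
FIXED = {"7": (7, 60), "8.6": (8, 6, 2), "8.5-or-earlier": (8, 5, 8)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?")

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = {
    "intranet.example": "7.59",
    "shop.example": "8.6.1",
    "blog.example": "8.4.8",
    "docs.example": "8.5.8",
    "beta.example": "8.6.2-rc1",
    "lab.example": "8.7.0",
}

def upgrade_target(version):
    """Return the release to upgrade to, None if already fixed, or "unknown"."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    patch, prerelease = m.group(3), m.group(4) is not None
    if major == 7 and patch is None:  # Drupal 7 uses two-part versions
        current, target = (7, minor), FIXED["7"]
    elif major == 8 and patch is not None and minor == 6:
        current, target = (8, 6, int(patch)), FIXED["8.6"]
    elif major == 8 and patch is not None and minor <= 5:
        current, target = (8, minor, int(patch)), FIXED["8.5-or-earlier"]
    else:
        return "unknown"  # branch not covered by the article
    # A pre-release (e.g. 8.6.2-rc1) predates the final release of that number.
    if current < target or (current == target and prerelease):
        return ".".join(str(n) for n in target)
    return None

def report(inventory):
    """Split an inventory into sites needing an upgrade and sites to review by hand."""
    needs, review = {}, []
    for site, version in sorted(inventory.items()):
        target = upgrade_target(version)
        if target == "unknown":
            review.append(site)
        elif target:
            needs[site] = target
    return needs, review

if __name__ == "__main__":
    print(report(INVENTORY))
```

Versions on branches the article does not mention are returned for manual review instead of being assumed safe.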
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.