Security alerts
Verified CVE advisories and patch status across Drupal, WordPress, Magento, Shopify, Strapi and Contentful.
Drupal core — access bypass
Unauthenticated access bypass affecting Drupal 10.3–11.1. Patch to 10.3.14 / 10.4.6 / 11.1.4 immediately.
WordPress — popular plugin RCE
Two widely-used plugins shipped urgent fixes. Update affected plugins across all instances now.
Adobe Commerce — XSS in admin
Stored XSS in the admin panel. Apply the latest Adobe Commerce security patch and rotate admin sessions.
Drupal contrib — Views access
A contributed module exposes unpublished content via a Views endpoint under specific configs.
Strapi — privilege escalation
An authenticated user could escalate permissions via the admin API. Upgrade to the latest v5 patch.
Shopify app — token leakage
A third-party app could leak storefront tokens in logs. Rotate tokens and update the app.
Never patch late again
Managed clients are patched within SLA — typically the same day a critical advisory is published, often before it's public.
Stay ahead of the next release
Security alerts, platform updates and industry analysis — straight to your inbox.