This July 13, it is very important that you pay attention to the releases of security patches that the Drupal security team will be announcing through its bulletins since a highly critical vulnerability has been identified present in several contributed modules of Drupal 7 that allows arbitrary execution of PHP code.
The Drupal security team asks all site administrators to update the modules as soon as possible since having a rating of 22 out of 25 on the risk scale, it is very likely that potential attackers will take advantage of the vulnerability in the past. a few hours or days after the updates are disclosed.
You can follow the announcements at the url https://www.drupal.org/security/contrib, the rss channels http://drupal.org/security/contrib/rss.xml and http://drupal.org/security /psa/rss.xml as well as the @drupalsecurity twitter account .
Important: Drupal 7 core is not affected by this vulnerability, only contributed modules so not all sites will be affected, to ensure your site is not affected please review the July 13th security releases for updates to affected modules.
If you need support to update your modules, you can contact us to offer you our specialized service.
More information: https://www.drupal.org/psa-2016-001