Drupal has identified some remote code execution vulnerabilities on several contributed modules on version 7.x Customers who sites run on Drupal are urged to review these announcements on the Drupal site, and update the affected plugins - even if they are not active on your site. If your Drupal site uses v7.x, this is highly critical, and you should upgrade the plugins as a matter of urgency. https://www.drupal.org/node/2765573 https://www.drupal.org/node/2765575 https://www.drupal.org/node/2765567  Once the plugins have been updated, your site should be protected from these potential vulnerabilities.