Drupal has identified some remote code execution vulnerabilities on several contributed modules on version 7.x
Customers who sites run on Drupal are urged to review these announcements on the Drupal site, and update the affected plugins - even if they are not active on your site.
If your Drupal site uses v7.x, this is highly critical, and you should upgrade the plugins as a matter of urgency.
- https://www.drupal.org/node/2765573
- https://www.drupal.org/node/2765575
- https://www.drupal.org/node/2765567
Once the plugins have been updated, your site should be protected from these potential vulnerabilities.