Security updates for modules of Drupal, the popular Content Management System (CMS), were made available earlier this week.
Security advisories were published addressing 2 moderately critical issues found within these modules.
For the Twitter module, an issue was discovered that allowed any authenticated account to post tweets rather than just the Twitter account belonging to the owner of the installed module. This issue would also allow any other account to delete the attached Twitter account. A partial mitigation is that an attacker would need to already have an account with a role allowing them to post to Twitter.
The second advisory concerns the use of the RESTful API (Application Programming Interface). Authenticated users could inadvertently have their pages cached as anonymous users, which could potentially allow anonymous page requests to access pages that would otherwise be denied to them.
How Can I Protect Myself From These Issues?
If you use either of the above-mentioned modules with Drupal, please follow the steps/links within the advisories listed below to resolve these issues: