Umbraco HQ announced a high-severity security issue affecting versions of Umbraco from Umbraco 10 to Umbraco 12. All customers are advised to have their sites updated with the available patches. Umbraco Cloud hosted sites are not affected.
It's also possible that Umbraco 9 is also affected, however there will be no patch due to Umbraco 9 being out of support. It's recommended to upgrade sites running on Umbraco 9 to at least the latest Umbraco 10 LTS version.
We do know that sites running on Umbraco Cloud are not affected; we also know that the exploit can be mitigated by ensuring Automatic Upgrades is enabled.
Details on the vulnerability and how to upgrade can be found on Umbraco HQ's blog here: Umbraco Security Advisory, July 13, 2023.
If you would like support or assistance in upgrading your site reach out to us and we'll be glad to help.