Drupal · Entityform Block Module · CVE-2015-5493
**Name of the Vulnerable Software and Affected Versions**
Entityform Block module versions 7.x-1.x through 7.x-1.2
**Description**
The issue allows remote attackers to obtain access to certain entityforms due to improper permission checking when a form is locked to a role.
**Recommendations**
For Entityform Block module versions 7.x-1.x through 7.x-1.2, update to version 7.x-1.3 or later to resolve the issue.