Events Manager
Uses insecure PHPMailer versions (8 posts)

  1. frettled
    Member
    Posted 2 years ago #

    Events-manager uses an outdated and very insecure set of PHPMailer versions (1.02 and 1.73), which not only can be used for spamming, but also were designed for PHP 4.

    PHP 4 was discontinued nearly four years ago.

    PHPMailer's current version is 5.1, which is designed for PHP 5 and 6.

    This needs to be updated yesteryear.

    http://wordpress.org/extend/plugins/events-manager/

  2. Marcus
    NetWebLogic Support
    Plugin Author

    Posted 2 years ago #

    agreed, thx will check that out.

  3. frettled
    Member
    Posted 2 years ago #

    Apparently, it's 5.2 that's the most recent version. I don't check this software's version that often, since it's infrequently updated.

    http://code.google.com/a/apache-extras.org/p/phpmailer/source/list

  4. Marcus
    NetWebLogic Support
    Plugin Author

    Posted 2 years ago #

    it's been a while, last time i dled it the project was still hosted on sourceforge :)

  5. Marcus
    NetWebLogic Support
    Plugin Author

    Posted 2 years ago #

    done, added to dev version, will be out in next update.

  6. frettled
    Member
    Posted 2 years ago #

    Thanks for the quick response.

    Now for the rest of those plugins/themes using PHPMailer < 5.1 and/or TimThumb < 2.8.2…
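
An added example (not part of the thread, and not code from Events Manager or any other plugin): a small audit script that walks a plugins/themes tree and reports bundled PHPMailer copies older than 5.1 and TimThumb copies older than 2.8.2, the thresholds named in the post above. It assumes PHPMailer declares its version in a `$Version` class property and TimThumb in a `VERSION` constant; the directory and file names in `demo()` are constructed samples.

```python
import re
import tempfile
from pathlib import Path

# Minimum versions named in the thread: PHPMailer 5.1, TimThumb 2.8.2.
MINIMUMS = {"PHPMailer": (5, 1), "TimThumb": (2, 8, 2)}

# Assumption: PHPMailer declares $Version on its class and TimThumb defines a
# VERSION constant. The lowercase marker keeps unrelated PHP files from matching.
SIGNATURES = {
    "PHPMailer": ("class phpmailer",
                  re.compile(r"""\$Version\s*=\s*['"]([\d.]+)['"]""")),
    "TimThumb": ("timthumb",
                 re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([\d.]+)['"]""")),
}

def parse_version(text):  # '1.73' -> (1, 73); tuples compare part by part
    return tuple(int(part) for part in text.split(".") if part)

def audit(root):
    """Return sorted (relative path, library, version) for outdated copies."""
    root = Path(root)
    findings = []
    for path in root.rglob("*.php"):
        source = path.read_text(errors="replace")
        for library, (marker, pattern) in SIGNATURES.items():
            match = pattern.search(source) if marker in source.lower() else None
            if match and parse_version(match.group(1)) < MINIMUMS[library]:
                findings.append((path.relative_to(root).as_posix(), library, match.group(1)))
    return sorted(findings)

def demo():
    """Audit a constructed tree (sample files, not real plugin code)."""
    samples = {
        "plugin-a/lib/class.phpmailer.php": '<?php class PHPMailer { var $Version = "1.73"; }',
        "plugin-b/lib/class.phpmailer.php": "<?php class PHPMailer { public $Version = '5.2'; }",
        "theme-c/thumb.php": "<?php /* TimThumb */ define ('VERSION', '2.8');",
        "theme-c/functions.php": "<?php define('VERSION', '0.1');",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

To audit a real install, call `audit()` on the `wp-content` directory; renamed TimThumb copies are still found because matching is on file content, not file name.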

  7. frettled
    Member
    Posted 2 years ago #

    BTW and OT, I suggest creating a timthumb-config.php with the following code:

    <?php
    define ('ALLOW_EXTERNAL', FALSE); // do not fetch images from external sites

  8. Marcus
    NetWebLogic Support
    Plugin Author

    Posted 2 years ago #

    done, no need for external sites, good point.

Topic Closed

This topic has been closed to new replies.
