Title: Command Injection warning in class-phpmailer.php
Last modified: January 3, 2017

---

# Command Injection warning in class-phpmailer.php

 *  [liquid8](https://wordpress.org/support/users/liquid8/)
 * (@liquid8)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/command-injection-warning-in-class-phpmailer-php/)
 * Hi
 * I am getting warnings from my service provider about Command Injection vulnerability
   in class-phpmailer.php
    What should I do? Is this going to be fixed to the next
   WordPress version or should I do something to the current WP installations?

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Pioneer Web Design](https://wordpress.org/support/users/swansonphotos/)
 * (@swansonphotos)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/command-injection-warning-in-class-phpmailer-php/#post-8613390)
 * Have a read here:
 * [https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/](https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/)
 * Many links there, look at the update notes at bottom and watch for an update.
   The issue is with an older PHP Library that WordPress Core, Themes and Plugins
   use.
 *  [eaglejohn](https://wordpress.org/support/users/danielbenjamins/)
 * (@danielbenjamins)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/command-injection-warning-in-class-phpmailer-php/#post-8614128)
 * When I go to a clients website (which hosting provider gave out a warning about
   this) and open class-phpmailer.php, I see it’s version 5.2.14. The website is
   running WordPress 4.7 (so latest version) and all plugins are up to date.
 * **“If you are using PHPMailer older than 5.2.18 in your own PHP applications,
   themes or plugins, please upgrade to PHPMailer 5.2.18 or newer immediately.”**
 * Conclusion: WordPress 4.7 (latest version) is using and old phpmailer version?
 *  [Pioneer Web Design](https://wordpress.org/support/users/swansonphotos/)
 * (@swansonphotos)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/command-injection-warning-in-class-phpmailer-php/#post-8616068)
 * Please do not bring attention to such issues. It is not in your interest assuming
   that interest is protecting your own site. Fixing which PHP Library is used, 
   regardless of which is asked for, is a host issue.
 * Find a better one.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Command Injection warning in class-phpmailer.php’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [Pioneer Web Design](https://wordpress.org/support/users/swansonphotos/)
 * Last activity: [9 years, 5 months ago](https://wordpress.org/support/topic/command-injection-warning-in-class-phpmailer-php/#post-8616068)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics