PHP Mailer vulnerability | WordPress.org

Resolved peopleinside
(@peopleinside)

8 years, 8 months ago

Hi,
is your plugin integrating PHP Mailer older than 5.2.25?

If the reply is yes there are security vulnerability.

Seems all version previous to PHP Mailer 5.2.25 are vulnerable.
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24 (FIX vulnerability)

Viewing 3 replies - 1 through 3 (of 3 total)

Alexander C.
(@alexanderfoxc)

8 years, 8 months ago

The plugin is using PHP Mailer that is integrated into WordPress itself. Latest WP version (4.8.2) is using PHP Mailer version 5.2.22.

I guess you should bring this up to WordPress team?

Thread Starter peopleinside
(@peopleinside)

8 years, 8 months ago

Done thanks.
https://core.trac.wordpress.org/ticket/40472#comment:8

Alexander C.
(@alexanderfoxc)

8 years, 8 months ago

Thank you very much for reporting this both to us and WP team. If WP team would be slow with updating the version, we might consider including PHP Mailer with the plugin itself, though this is something we’re trying to avoid in order to keep the plugin small and avoiding unnecessary code duplication.

Let’s see how it’s going to develop.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘PHP Mailer vulnerability’ is closed to new replies.

3 replies
2 participants
Last reply from: Alexander C.
Last activity: 8 years, 8 months ago
Status: resolved