All Your Contact Forms Are Belong to Us: Critical Vulnerability Found in PHPMailer


Dawid Golunski found a big vulnerability in PHPMailer. Essentially, the sender data isn’t sanitized in PHPMailer versions before 5.2.18. More details at Wordfence. Version 4.7 of WordPress has PHPMailer in its core in /wp-includes/class-smtp.php.
