[wp-trac] [WordPress Trac] #40472: Update PHPMailer to 5.2.25

WordPress Trac noreply at wordpress.org
Fri Oct 6 15:57:11 UTC 2017


#40472: Update PHPMailer to 5.2.25
-------------------------------------+------------------------------
 Reporter:  MattyRob                 |       Owner:
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  External Libraries       |     Version:  4.8
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------------
Changes (by peopleinside):

 * severity:  minor => normal


Comment:

 Hi,
 currently I can see mail come out from WordPress from PHP Mailer 5.2.22
 that has a security vulnerability.

 I am asking when this will be fixed with an update in WordPress.
 Thank you.

 I am using the plugin SMTP Mailer and opened an issue, but the plugin
 author says that the plugin uses WordPress PHP Mailer, so WordPress PHP
 Mailer seems to be vulnerable, 5.2.22
 https://wordpress.org/support/topic/php-mailer-vulnerability/#post-9563243

 On PHP Mailer 5.2.24
 SECURITY Fix XSS vulnerability in one of the code examples,
 CVE-2017-11503. The code_generator.phps example did not filter user input
 prior to output. This file is distributed with a .phps extension, so it is
 not normally executable unless it is explicitly renamed, so it is safe by
 default. There was also an undisclosed potential XSS vulnerability in the
 default exception handler (unused by default). Patches for both issues
 kindly provided by Patrick Monnerat of the Fedora Project.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40472#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

