[wp-trac] [WordPress Trac] #40472: Update PHPMailer to 5.2.27

WordPress Trac noreply at wordpress.org
Tue Nov 20 11:02:36 UTC 2018


#40472: Update PHPMailer to 5.2.27
------------------------------------+------------------------------
 Reporter:  MattyRob                |       Owner:  (none)
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  External Libraries      |     Version:  4.8
 Severity:  critical                |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:
------------------------------------+------------------------------

Comment (by bgermann):

 Every wp_mail call with the $attachments parameter set is vulnerable to
 CVE-2018-19296. WP Core does not call wp_mail with $attachments. But
 plugins that do and have no mitigating check in place are vulnerable.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/40472#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list