[wp-trac] [WordPress Trac] #54739: Upgrade PHPMailer to 5.2.27 for WordPress < 5.3 (and to 6.5.3 for above 5.4)
WordPress Trac
noreply at wordpress.org
Tue Jan 11 23:26:54 UTC 2022
#54739: Upgrade PHPMailer to 5.2.27 for WordPress < 5.3 (and to 6.5.3 for above
5.4)
--------------------------------------+------------------------------
Reporter: zodiac1978 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: External Libraries | Version:
Severity: normal | Resolution:
Keywords: needs-patch dev-feedback | Focuses:
--------------------------------------+------------------------------
Comment (by zodiac1978):
Thanks @jrf and @peterwilsoncc for the info about the existing backports.
Looks like CVE-2018-19296 is already fixed and backported.
CVE-2017-11503 is about bad example code which is not bundled in WP, I
think.
But CVE-2021-34551 and CVE-2021-3603 are unfixed (I've checked the 4.4
branch as this is the version on a website where I found this issue).
They have a high risk classification and allow remote code execution.
Because these are fixed in 6.5+ but the 5.2-branch was EOL, this seemed to
have slipped through.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54739#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform