R
R
Roman2017-01-26 14:54:05
PHPMailer
Roman, 2017-01-26 14:54:05

How to fix vulnerability in Wordpress class-phpmailer.php - RCE: CVE-2016-10045, CVE-2016-10031?

Good afternoon, tell me how to fix the vulnerabilities CVE-2016-10045, CVE-2016-10031
I did not find any information about this, they were discovered not so long ago.
The script itself is in wordpress here:
/wp-includes/class-phpmailer.php - RCE : CVE-2016-10045, CVE-2016-10031 phpmailer
version 5.2.22
Visited version v6.0.0rc4 (same result) from here - https://github.com/PHPMailer/PHPMailer/tree/v6.0.0rc4

Answer the question

In order to leave comments, you need to log in

1 answer(s)
I
Igor Vorotnev, 2017-01-30
@HeadOnFire

These vulnerabilities affect versions of PHPMailer below 5.2.18 and 5.2.20, the latest version of WP uses 5.2.22, which fixes not only these vulnerabilities, but also another one found in version 5.2.21 . See changelog .
What to do? As usual - update WordPress and sleep well.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question