Security Warning – WordPress & Other Web Software

A few days ago, a security issue was identified which affect many popular pieces of web software – ensure your web software is up to date.

 A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski.

Unfortunately someone a demonstration on how the vulnerability can be exploited in the PHPMailer library, but not targeting any web application that is in use.

PHPMailer is used by WordPress and many other programs core to send email.

Don’t Panic

There is no known exploit publicly available for WordPress core or any WordPress theme or plugin at this time. The only exploit we have seen is where a researcher has built their own application and then exploited it, demonstrating the existence of this vulnerability in PHPMailer.

Please ensure that you keep your web software and plugins up to date to reduce any possibility of any security issues.