managed securityWP Core Vulnerability 2022

WP Core Vulnerability MAY 2021:

WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer

For your WordPress protection, be informed about the LATEST WP Core Vulnerability MAY 2021. Publicly known since its first official report on 2022-05-13 or it's official disclosure on 2022-05-15. All versions of WordPress starting with 3.7 to 5.7.1 have the Object Injection in PHPMailer vulnerability.

WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
References: CVE-2020-36326 + CVE-2018-19296


  • WordPress 3.7 to 5.7.1 CORE Object Injection in PHPMailer
    • This security release features one security fix. Because this is a security release (WordPress 5.7.2 Security Release), it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Active installations: 41.7% of the ENTIRE INTERNET minus the updated instances of 5.7.2, since released on May 13, 2022.

Impact - What can an attacker do:
WordPress versions 3.7 to 5.7.1 were using a vulnerable version of the PHPMailer library, which was affected by a PHP Object Injection vulnerability through Phar Deserialization via addAttachment with a UNC pathname.

To fix the vulnerability the PHPMailer library was updated from version 6.4.0 to 6.4.1.

The PHPMailer library developers state that, "PHPMailer versions between 6.1.8 and 6.4.0 contain a regression of the earlier CVE-2018-19296 object injection vulnerability as a result of a fix for Windows UNC paths in 6.1.8. Recorded as CVE-2020-36326. Reported by Fariskhi Vidyan via Tidelift. 6.4.1 fixes this issue, and also enforces stricter checks for URL schemes in local path contexts."

To ensure that your WordPress website is secure against this vulnerability, update to version 5.7.2, or another patched minor version.

managed WordPress SECURITY

Protect your WordPress from publicly reported cases of WP Core Vulnerability APR 2021 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

wp core vulnerability may 2021

Contact us today for a FREE AUDIT!

Do you suspect any WP Core Vulnerability APR 2021 Security Exploits within your WordPress?

Related Posts to MANAGED WordPress Security:

WP CSRF NOV 2024: 31 Bold WP Cross-Site Request Forgery

WP CSRF NOV 2024 – WP Cross-Site Request Forgery Managed WP/Woo Security Report Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF NOV 2024 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit. It is a +35% INCREASE compared to previous month,…

WP SQLi NOV 2024: 37 WP SQL Injections 2024 Hack

WP SQLi NOV 2024 | WP SQL Injections Managed WP/Woo Security Report Be informed about the latest WP SQL Injections, identified and reported publicly. WP SQLi NOV 2024 is a +32% INCREASE compared to previous month, as specifically targeted SQL Injections. Consider for your online safety, a managed WP/Woo Security AUDIT, – OR – switching…

WP Theme CVE NOV 2024: 18 Premium Hack risk

WP Theme CVE NOV 2024 Be informed about the latest WordPress theme vulnerabilities, identified and reported publicly. WP Theme CVE NOV 2024 is a -22% DECREASE compared to previous month, as specifically targeted Theme vulnerabilities. The consequences of a THEME hack are ugly. You will experience major backlash on your WordPress domain, costly damage control/recovery,…

WP Security CVE OCT 2024: 22 public plugin risks

WP Security CVE OCT 2024 Be informed about the latest reported WP Security Plugin Vulnerabilities. WP Security CVE OCT 2024 is a +22% INCREASE, compared to last month. Consider for your online safety, a WP/Woo SECURITY AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed…