
RESOLVED: WordPress SECURITY flaw: WP registration DISABLED at MOMENT!! PHPMAILER lib critical vulnerability

Posted: Tue Dec 27, 2016 8:19 am
by axew3
- CVE-2016-10033
- Release date: 25.12.2016
- Revision 1.0
- Severity: Critical
Registrations are disabled on the WordPress side, due to a Remote Code Execution vulnerability in PHPMailer < 5.2.18.
WordPress, even the latest 4.7, comes with PHPMailer version 5.2.14, so if you own a WordPress-based site, or a site based on a CMS that embeds and uses PHPMailer, you should DO THE SAME, and at least disable registrations and contact forms until a security patch has been released!
https://legalhackers.com/advisories/PHP ... -Vuln.html
"Probably the world's most popular code for sending email from PHP!
Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii,
Joomla! and many more"
P.S. But you can register here on the phpBB side: phpBB does not use PHPMailer, so it has not been temporarily disabled.

WordPress: PHPMAILER lib critical vulnerability seems to not affect

Posted: Tue Dec 27, 2016 4:38 pm
by axew3
Thank you, we're well aware of the issue.

At this time, we have determined that WordPress core is not vulnerable to this exploit. We are searching for plugins and themes that may open up such a vulnerability, but we have not found any so far.

A future version of WordPress will likely contain an update for this library.

-Otto

Re: RESOLVED: WordPress SECURITY flaw: WP registration DISABLED at MOMENT!! PHPMAILER lib critical vulnerability

Posted: Tue Dec 27, 2016 4:48 pm
by axew3
P.S. Check that there aren't any plugins installed on your WP that are using the PHPMAILER class.
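
Added example (not part of the thread, and not WordPress or PHPMailer code): one way to carry out the check suggested above is to walk a site tree, find every bundled copy of the PHPMailer class, and compare its version with 5.2.18, the threshold given in the first post. It assumes a copy declares `class PHPMailer` and a `$Version` string property; the file names and sample tree are constructed.

```python
import os
import re
import tempfile

FIXED = (5, 2, 18)  # the thread gives PHPMailer < 5.2.18 as affected
CLASS_RE = re.compile(r"^\s*class\s+PHPMailer\b", re.MULTILINE)
# Assumption: the copy carries its release in a $Version string property.
VERSION_RE = re.compile(r"\$Version\s*=\s*['\"](\d+(?:\.\d+)*)['\"]")

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def find_phpmailer_copies(root):
    """Return sorted (relative path, version or None, needs_update) tuples."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                source = fh.read()
            if not CLASS_RE.search(source):
                continue  # uses or mentions the class, but is not a bundled copy
            match = VERSION_RE.search(source)
            version = match.group(1) if match else None
            # A copy with no readable version is flagged for manual review.
            outdated = version is None or parse_version(version) < FIXED
            found.append((os.path.relpath(path, root), version, outdated))
    return sorted(found)

def demo():
    """Scan a constructed tree: two bundled copies and one caller."""
    copy = "<?php\nclass PHPMailer\n{\n    public $Version = '%s';\n}\n"
    sample = {
        "core/mailer.php": copy % "5.2.14",
        "plugins/forms/lib/mailer.php": copy % "5.2.18",
        "plugins/forms/send.php": "<?php\n$mail = new PHPMailer();\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_phpmailer_copies(root)

if __name__ == "__main__":
    for rel, version, outdated in demo():
        print(rel, version, "UPDATE" if outdated else "ok")
```

Point `find_phpmailer_copies` at the web root to list every bundled copy; files that only instantiate the class are skipped because they load whichever copy the CMS or plugin ships.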