Title: PHP Mailer vulnerability
Last modified: October 6, 2017

---

# PHP Mailer vulnerability

 *  Resolved [peopleinside](https://wordpress.org/support/users/peopleinside/)
 * (@peopleinside)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/php-mailer-vulnerability/)
 * Hi,
    is your plugin using a PHP Mailer included in your plugin?
 * It seems all versions previous to PHP Mailer 5.2.25 are vulnerable.
    [https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24](https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24)
   (FIX vulnerability)


 *  Thread Starter [peopleinside](https://wordpress.org/support/users/peopleinside/)
 * (@peopleinside)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/php-mailer-vulnerability/#post-9561425)
 * From the code, it seems your plugin, updated just one day ago, has a very old PHP Mailer
   version. Vulnerable.
 * Security seems not to be important for this plugin? Software has to be kept safe
   and updated.
 *  Plugin Author [Noor Alam](https://wordpress.org/support/users/naa986/)
 * (@naa986)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/php-mailer-vulnerability/#post-9563105)
 * Hi, This plugin doesn’t directly include the PHPMailer library. It uses the one
   included by WordPress.
 *  Thread Starter [peopleinside](https://wordpress.org/support/users/peopleinside/)
 * (@peopleinside)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/php-mailer-vulnerability/#post-9563243)
 * Hi [@naa986](https://wordpress.org/support/users/naa986/),
    thank you for your quick reply.
 * In the file main.php of your plugin, on line 20, I can see:
    `var $phpmailer_version = '5.2.22';`
 * Why is this line there, what is it?
 * How can I report the PHP Mailer issue to WordPress? I should find a way, I want
   to understand why I see email going out from the website with a vulnerable PHP Mailer
   version, thank you!
 *  Plugin Author [Noor Alam](https://wordpress.org/support/users/naa986/)
 * (@naa986)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/php-mailer-vulnerability/#post-9563300)
 * [@peopleinside](https://wordpress.org/support/users/peopleinside/), [https://make.wordpress.org/core/](https://make.wordpress.org/core/)
 * It’s there so I can keep track of the PHPMailer version included by WordPress.
 *  Thread Starter [peopleinside](https://wordpress.org/support/users/peopleinside/)
 * (@peopleinside)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/php-mailer-vulnerability/#post-9563304)
 * Thanks,
    I will flag this as resolved.
 * I posted here:
    [https://core.trac.wordpress.org/ticket/40472#comment:8](https://core.trac.wordpress.org/ticket/40472#comment:8)
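
The distinction discussed in this thread, a version string a plugin merely records versus a PHPMailer library file actually present on disk, can be checked by inventorying the install. The following is an added example, not code from the thread, the plugin or WordPress; the sample tree, the `example-bundler` plugin and the file contents are constructed, and the `5.2.25` minimum is simply the figure stated in the opening post, passed in as a parameter.

```python
import re
import tempfile
from pathlib import Path

# File names PHPMailer is commonly shipped under (WordPress core copy and upstream copies).
LIB_NAMES = {"class-phpmailer.php", "class.phpmailer.php", "PHPMailer.php"}
# PHPMailer 5.x declares `public $Version = '5.2.22';`, 6.x declares `const VERSION = '6.0.1';`
VERSION_RE = re.compile(r"""(?:\$Version|const\s+VERSION)\s*=\s*['"](\d+(?:\.\d+)+)['"]""")


def parse_version(text):
    """Turn '5.2.22' into (5, 2, 22) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def find_phpmailer_copies(root, minimum):
    """Return [(relative path, version, is_outdated)] for each library copy under root."""
    results = []
    for path in sorted(Path(root).rglob("*.php")):
        if path.name not in LIB_NAMES:
            continue  # e.g. a plugin's main.php that only records a version string
        match = VERSION_RE.search(path.read_text(errors="replace"))
        if match:
            version = match.group(1)
            outdated = parse_version(version) < parse_version(minimum)
            results.append((path.relative_to(root).as_posix(), version, outdated))
    return results


def build_sample_tree(root):
    """Constructed sample layout for the demo; not a real WordPress install."""
    files = {
        "wp-includes/class-phpmailer.php": "<?php class PHPMailer { public $Version = '5.2.22'; }",
        "wp-content/plugins/smtp-mailer/main.php": "<?php class Example { var $phpmailer_version = '5.2.22'; }",
        "wp-content/plugins/example-bundler/lib/PHPMailer.php": "<?php class PHPMailer { const VERSION = '6.0.1'; }",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, version, outdated in find_phpmailer_copies(tmp, "5.2.25"):
            print(f"{rel}: {version} {'OUTDATED' if outdated else 'ok'}")
```

On the constructed tree only the core copy is reported as outdated; the plugin's `main.php` is skipped because it holds a tracking variable, not the library.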


The topic ‘PHP Mailer vulnerability’ is closed to new replies.


 * 5 replies
 * 2 participants
 * Last reply from: [peopleinside](https://wordpress.org/support/users/peopleinside/)
 * Last activity: [8 years, 8 months ago](https://wordpress.org/support/topic/php-mailer-vulnerability/#post-9563304)
 * Status: resolved