Affected: Customers using PHPMailer < 5.2.18 on their websites.
Release Date: 25th Dec 2016
This is to update customers regarding the PHPMailer vulnerability exploit advisory (CVE-2016-10033). We will like to highlight the dangers regarding this exploit and provide more insight on the issue to our customers.
If you are using CMS (Content Management System) such as WordPress, Drupal, Joomla and Moodle with PHPMailer version 5.2.18 and below, your site may be vulnerable to this. The vulnerability would allow an attacker to target common website components, such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class.
– Customer using WordPress, please update it to WordPress 4.7.1
– Customer using Drupal there is no action required as the Drupal core is not affected. However if there are Drupal modules installed which use PHPMailer, update it to version 5.2.18 or higher as soon as possible.
– Customer using Joomla there is no action required. However if there are Joomla extensions are using PHPMailer, it has to be updated to version 5.2.18 or higher.
– Customer using Moodle, please update it to Moodle 3.2.1 and 3.1.4
If you are not using any CMS (Content Management System) such as WordPress, Drupal, Joomla and Moodle, nor are you using PHPMailer on your website, you may ignore this advisory. If you are unsure, please contact your web developer for assistance.
For more information, you may visit:
https://support.plesk.com/hc/en-us/articles/115000275449
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities