WordPress 5.7.2 Patches a Severe Flaw in PHP Mailer

Deyan Georgiev

Updated · Feb 21, 2022



Cyber attacks are at an all-time high in 2021. It’s no wonder that content management systems are constantly evaluating their systems for vulnerabilities.

And so, on May 13th, 2021, WordPress patched a vulnerability with the release of version 5.7.2.

PHPMailer, which the content management system uses to send automatic emails, had a critical object injection vulnerability. The identifier was CVE-2020-36326, similar to 2018’s CVE-19296.

It has one of the highest scores on the vulnerability rating system: 9.8 out of 10. It affected versions 3.7 to 5.7 and arose after a prior problem was fixed. If left unchecked, it could be used in a POP (property-oriented programming) chain, causing severe damage to site owners.

Running additional software could help hackers exploit the vulnerability and launch malicious attacks. 

Typically, the issue occurs due to a lack of proper sanitization of user-supplied input. So, hackers could pass ad hoc serialized strings to a vulnerable unserialize() call.

The result? 

Passing arbitrary PHP objects to applications.

And it could be something as simple as sending a message using PHPMailer to gain access to your website!

Examples of threats include: 

  • SQL injections
  • Code Injection
  • Denial of Service (DoS)
  • Path Traversal
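
A minimal illustration of the object injection described above, next to one standard mitigation: the `allowed_classes` option of PHP's `unserialize()`. This is an added example, not code from WordPress or PHPMailer; the `TempFile` class, the helper function names and the input string are constructed for the demonstration.

```php
<?php
// Added illustration, not WordPress or PHPMailer code.
// TempFile is a hypothetical class standing in for any application
// class that acts on its own properties in a magic method.
final class TempFile
{
    public static $log = [];   // what the destructor acted on
    public $path = '';

    public function __destruct()
    {
        // A real class might delete $this->path here; this one only records it.
        self::$log[] = $this->path;
    }
}

// Unrestricted call: the serialized string decides which class is instantiated.
function decodeUnsafe(string $input)
{
    return unserialize($input);
}

// Restricted call: no application class is instantiated. Any object in the
// input becomes __PHP_Incomplete_Class, which has no magic methods to run.
function decodeRestricted(string $input)
{
    return unserialize($input, ['allowed_classes' => false]);
}

// Constructed sample input: a serialized TempFile with a caller-chosen property.
$input = 'O:8:"TempFile":1:{s:4:"path";s:11:"example.txt";}';

$obj = decodeUnsafe($input);
echo 'unsafe class:      ', get_class($obj), "\n";
unset($obj);   // the destructor runs with the property taken from the input
echo 'destructor calls:  ', count(TempFile::$log), "\n";

$safe = decodeRestricted($input);
echo 'restricted class:  ', get_class($safe), "\n";
unset($safe);  // nothing from TempFile runs for the placeholder object
echo 'destructor calls:  ', count(TempFile::$log), "\n";
```

Where the data does not need to carry objects at all, a data-only format such as JSON avoids the problem entirely.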

Publishers will not need to do anything, as WordPress will do automatic downloads. But you have to switch to version 5.7.2 immediately; otherwise, you open up your website to hacking events. Getting a good security plugin is also a must.

Seeing how prone to attack online businesses are in 2021, what are you doing to protect yourself? Having antivirus software will not only detect any hacking attempts but will also block and clean up malware, Trojans, you name it.

