- Object injection in PHPMailer
Fix: This vulnerability was originally discovered in versions before 5.2.27 and 6.x before 6.0.6 of PHPMailer and was reintroduced in the versions 6.1.8 through 6.4.0.
In order to fix this issue, the WordPress team upgraded PHPMailer from version 6.4.0 to 6.4.1
You can see more details about this vulnerability here: https://nvd.nist.gov/vuln/detail/CVE-2020-36326
Pagely staff have already begun applying patches to our customers’ WordPress websites. Customers with version holds will only receive the patch for the branch they are currently running.