PHPMailer Remote Code Execution Vulnerability

On Christmas day, a remote code execution (RCE) vulnerability in the PHPMailer library was announced. PHPMailer is a script that many websites and content management systems (like WordPress, Joomla!, and Drupal) use to send out notifications.

PHPMailer is used by more than 9 million websites worldwide. This vulnerability affects all current versions of PHPMailer, including 5.2.18, 5.2.19 (and possibly even the newly released 5.2.20). At this point, there is no known malware that is exploiting this vulnerability, but needless to say, this discovery has a lot of people worried, and a lot of updates and patches being prepared. (Update: these vulnerabilities have been discovered in nearly all other popular PHP email libraries and some applications too.)

The good news is that none of Metisentry’s customers need to worry. Our normal security procedures on all of our servers already lock out the services that could be exploited by this vulnerability. Most hosting companies leave those services running, so many of those 9 million websites could be susceptible to this vulnerability.

Vulnerabilities like this always serve as a reminder to all WordPress users to keep their WordPress, themes, and plugins updated to the latest versions. This will help keep your site protected against vulnerabilities that may be discovered.

If you are a Metisentry Premium WordPress Hosting client, we will apply any released updates and patches for you. If you are not a Premium WordPress Hosting client, you must do these updates on your own, or upgrade to our Premium Hosting package to have this done for you.

Your Metisentry Team is here to help! Our maintenance packages include applying WordPress, themes, and plugin updates, daily security scans, and daily backups. Not sure how to upgrade your WordPress and keep your site protected? Let us know!

If you have further questions about this exploit, or want us to protect your site from this and other vulnerabilities, give us a call at 330.294.4910 or contact us.