PHPMailer Vulnerability and WordPress

There’s lots of panic around the holidays regarding CVE-2016-10033 – a critical vulnerability in the PHPMailer library, which allows an attacker to inject custom command-line commands and have the webserver execute them (RCE – remote code execution). WordPress uses PHPMailer, yet there hasn’t been an update yet (see trac ticket #37210), the ticket hasn’t been marked as critical…

Continue reading →

WordPress 4.7

WordPress 4.7 has been released a few moments ago, and includes a brand new default theme, starter content support, video headers, custom CSS, menu management improvements, content endpoints for the REST API, and much more.

Continue reading →