An ethical hacking group named “LegalHackers” has managed to bypass the PHPMailer 5.2.20 patch, which PHPMailer released yesterday to fix a security flaw in its previous versions. However, just after the patch was released, the patch itself was exploited again by LegalHackers.
PHPMailer continues to be the most used transport class in the world, with an estimated 9 million users worldwide. Downloads continue at a significant rate every day. PHPMailer is used in many well-known web applications such as Joomla, WordPress, WHMCS, and many others.
This exploit surely leaves millions of websites vulnerable to hackers. We aren’t sure whether the upcoming version will still be vulnerable, but it appears that LegalHackers are waiting for the new version to come out so they can try to exploit it too.
More information about the “PHPMailer < 5.2.20 Patch” vulnerability and exploit can be found in the post on the LegalHackers official website.