Drupal, WordPress, Joomla vulnerable due to PHPMailer

Submitted by dryer on Wed, 12/28/2016 - 09:34

PHPMailer, a popular class used by web CMSes like WordPress, Joomla and Drupal, has been found to contain a bug that allows execution of arbitrary code. PHPMailer is the most popular utility class for sending emails with PHP. An estimated 9 million sites currently run it live on the internet, most of them vulnerable.

The issue is not trivial, as it allows attackers to exploit millions of websites deployed by organizations ranging from small businesses to giant corporations. The issue, now tracked as CVE-2016-10033, was made public by Dawid Golunski.

The original library is now fixed, but sites running Drupal, WordPress and Joomla will require an upgrade procedure to deploy the fix. More details: