Blog | G5 Cyber Security

0-Day Flaws in Vanilla Forums Let Remote Attackers Hack Websites

A security researcher has publicly disclosed two critical zero-day vulnerabilities in Vanilla Forums, the open source forum software that powers discussion on over 500,000 websites. Polish security researcher Dawid Golunski of Legal Hackers discovered the vulnerabilities. Both exist because Vanilla Forums still uses a vulnerable version of PHPMailer, one of the most popular open source PHP libraries used to send emails. The company said the issues only affect its free and open source product, adding “neither of these vulnerabilities affect our cloud customers” at vanillaforums.com.

Source: https://thehackernews.com/2017/05/vanilla-forum-vulnerability.html
