PHPMailer Critical security update
Posted Jan 3, 2017 by Roger Villeneuve
An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.
If your website is using PHPMailer, you should have it updated to latest version ASAP.
You can read details here.