WordPress core published a security patch on May 13, 2021, to address a Critical Object Injection vulnerability in PHPMailer, the feature that WordPress uses by default to send emails.
WordPress 5.7.2 has been updated with the patch. Publishers should be receiving this update without further action from sites that have opted in to automatic download. However, if you haven’t updated WordPress, we suggest that you update WordPress right away.
According to the official United States government National Vulnerability Database website, this problem occurred when a patch for a previous vulnerability created a new one, which announces vulnerabilities.
This vulnerability is rated as “Critical” and It is recommended for all publishers to update the WordPress 5.7.2 version as soon as possible.
An attacker will need to find a way to send a message using PHPMailer and attach an attachment to that message in order to exploit this vulnerability.
On a scale of one to ten, WordPress vulnerability is rated 9.8.! Also, The following security vulnerability has been fixed in all WordPress versions since 3.7.