The Joomla Project recently released a security advisory regarding the PHP Mailer library. Please read the announcement for further details. Some extensions also include their own versions of vulnerable library, and developers of the relevant extensions are urged to release updates as soon as possible.

The VEL will be maintaining a list of extensions affected by the issue. Users of the affected extensions are strongly advised to update. To be clear, inclusion on the list simply means that the extension includes the vulnerable library, not that an exploit exists, you should contact the developer if you have any questions.