Community Builder Versions 2.1.0 and previous contain versions of 3rd party libraries with known vulnerabilities: PHPMailer and Guzzle

Release 2.1.1

  • updates to version 5.2.22 of PHP Mailer
  • provides custom fix for Guzzle library

Developer states that this is precautionary only, and that these vulnerabilities are not normally exploitable within Community Builder see full security statement for further details: https://www.joomlapolis.com/news/18719-security-statement-cb-2-1-1

 

.