PT-2024-35958 · Unknown · Sp-Php-Email-Handler

Spencer14420 · Published 2024-11-27 · Updated 2024-11-28 · CVE-2024-53860

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: sp-php-email-handler versions prior to 1.0.0
Description: The sp-php-email-handler PHP package is vulnerable to abuse, allowing malicious actors to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable them to use the server to send spam, phishing emails, or other malicious content, potentially damaging the domain's reputation and leading to blacklisting by email providers.
Recommendations: For versions prior to 1.0.0, upgrade to version 1.0.0 to mitigate the vulnerability. No temporary workaround is available, so it is essential to apply the upgrade as soon as possible. All pre-release versions, including alpha and beta, are affected by this issue and should not be used.
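The two weaknesses the advisory describes (caller-chosen recipients, and user-provided text reproduced in the confirmation email) next to a hardened form of the same handler, as an added PHP example; this is not code from the sp-php-email-handler project, and every function name, request field and address in it is hypothetical:

```php
<?php
// Added illustration, not code from the sp-php-email-handler project. All
// function names, request fields and addresses are hypothetical. The $send
// callable stands in for mail() so the example runs offline and just logs.

declare(strict_types=1);

// --- Weak pattern: the request body decides where mail goes and what the
// confirmation says, so the endpoint becomes an open relay for the site's
// mail server (the condition the advisory describes).
function handleContactWeak(array $post, callable $send): void
{
    $to      = $post['recipient'] ?? 'owner@example.com';   // client-controlled recipient
    $subject = $post['subject'] ?? 'Contact form';
    $body    = $post['message'] ?? '';

    $send($to, $subject, $body, "From: {$post['email']}");   // raw value in a header line

    // Confirmation echoes the submitted message verbatim to a submitted address.
    $send($post['email'], 'Thanks for contacting us', $body);
}

// --- Hardened pattern.
const CONTACT_RECIPIENTS = ['owner@example.com'];           // fixed server-side allowlist
const FROM_ADDRESS       = 'no-reply@example.com';

// Accept one syntactically valid address with no CR/LF, so the value cannot
// smuggle extra header lines (Bcc:, additional To:) into the message.
function cleanAddress(string $raw): ?string
{
    $addr = trim($raw);
    if (preg_match('/[\r\n]/', $addr)) {
        return null;
    }
    return filter_var($addr, FILTER_VALIDATE_EMAIL) === false ? null : $addr;
}

// Any user value that lands in a header line loses its line breaks and is capped.
function cleanHeaderValue(string $raw, int $maxLen = 200): string
{
    return substr((string) preg_replace('/[\r\n]+/', ' ', trim($raw)), 0, $maxLen);
}

function handleContactHardened(array $post, callable $send): bool
{
    $reply = cleanAddress((string) ($post['email'] ?? ''));
    if ($reply === null) {
        return false;                                       // no confirmation to an invalid address
    }
    $subject = cleanHeaderValue((string) ($post['subject'] ?? 'Contact form'));
    $message = (string) ($post['message'] ?? '');

    // Recipients come only from configuration; a 'recipient' field is ignored.
    foreach (CONTACT_RECIPIENTS as $to) {
        $send($to, $subject, $message, 'From: ' . FROM_ADDRESS . "\r\nReply-To: {$reply}");
    }

    // The confirmation is a fixed template: it acknowledges receipt but does not
    // reproduce user-supplied text, so the endpoint cannot deliver third-party
    // content to the confirmation address.
    $send($reply, 'We received your message', 'Thank you, we will respond shortly.', 'From: ' . FROM_ADDRESS);
    return true;
}

// Example run with a constructed request; $send logs instead of mailing.
$log  = [];
$send = function (string $to, string $subject, string $body, string $headers = '') use (&$log): void {
    $log[] = compact('to', 'subject', 'body', 'headers');
};

$request = [
    'email'     => 'visitor@example.net',
    'recipient' => 'someone-else@example.org',              // ignored by the hardened handler
    'subject'   => "Hi\r\nBcc: someone-else@example.org",   // line break is flattened
    'message'   => 'Hello, I have a question about pricing.',
];

handleContactHardened($request, $send);
foreach ($log as $m) {
    echo "{$m['to']} | {$m['subject']} | {$m['body']}\n";
}
// Only owner@example.com and visitor@example.net receive mail; the subject has
// no header injection and the confirmation carries no user text.
```

The fix in 1.0.0 is the upgrade path the advisory names; this example only shows the shape of the controls a handler of this kind needs so that a deployment can be reviewed against them.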

Weakness Enumeration

Special Elements Injection

Related Identifiers

CVE-2024-53860
GHSA-MJ5R-X73Q-FJW6

Affected Products

Sp-Php-Email-Handler