Community Builder Versions 2.1.0 and previous contain versions of 3rd party libraries with known vulnerabilities: PHPMailer and Guzzle
Release 2.1.1
- updates to version 5.2.22 of PHP Mailer
- provides custom fix for Guzzle library
Developer states that this is precautionary only, and that these vulnerabilities are not normally exploitable within Community Builder see full security statement for further details: https://www.joomlapolis.com/news/18719-security-statement-cb-2-1-1
.