I realized that the popular WordPress plugin Contact Form 7
uses this library: https://github.com/PHPMailer/PHPMailer.
When I check the source of a mail which has been sent from Contact Form 7, it looks like this:
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
So, this version is from (Nov 1st 2015).
https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md
The latest one is:
Version 5.2.18 (December 24th 2016)
SECURITY Critical security update for CVE-2016-10033 please update now! Thanks to Dawid Golunski.
Why does Contact Form 7 use old versions of PHPMailer?
PHPMailer is not part of the plugin, it is shipped with WordPress. So it is up to WordPress to keep it up to date. There is a patch already in ticket #37210.
In the meantime, you can create a mu-plugin, include the newer version of PHPMailer here, create an instance and assign it to the global variable $phpmailer. WordPress will then use that instead of its own outdated version. But be aware that WordPress’ version has some changes that are not compatible with the original class, so you might break some plugins.
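
The mu-plugin approach from the answer above, as an added example that is not part of the original answer or of WordPress. It assumes a PHPMailer 5.2.x release unpacked to a hypothetical `phpmailer-vendored/` directory beside the mu-plugin file; the `example_` names are illustrative. The version is checked before the class is loaded, because a second PHPMailer class cannot be declared afterwards.

```php
<?php
/**
 * Plugin Name: Vendored PHPMailer (added example)
 * Assumes a PHPMailer 5.2.x release unpacked to the hypothetical
 * directory wp-content/mu-plugins/phpmailer-vendored/.
 */
defined( 'ABSPATH' ) || exit;

// Oldest acceptable release: the changelog entry quoted in the question.
define( 'EXAMPLE_PHPMAILER_MIN', '5.2.18' );

function example_use_vendored_phpmailer() {
    global $phpmailer;

    $dir   = __DIR__ . '/phpmailer-vendored';
    $files = array( "$dir/class.phpmailer.php", "$dir/class.smtp.php" );

    // A second PHPMailer class cannot be declared, so do nothing if one
    // is already loaded or the vendored files are missing.
    if ( class_exists( 'PHPMailer', false ) || class_exists( 'SMTP', false ) ) {
        return false;
    }
    foreach ( $files as $file ) {
        if ( ! is_readable( $file ) ) {
            return false;
        }
    }

    // Read the version from the source *before* loading it: once the
    // class is declared, WordPress can no longer load its bundled copy.
    $source = file_get_contents( $files[0] );
    if ( ! preg_match( '/\$Version\s*=\s*\'(\d+(?:\.\d+)+)\'/', $source, $m )
        || version_compare( $m[1], EXAMPLE_PHPMAILER_MIN, '<' ) ) {
        return false;
    }

    foreach ( $files as $file ) {
        require_once $file;
    }

    // true = throw exceptions on errors.
    $phpmailer = new PHPMailer( true );
    return true;
}

example_use_vendored_phpmailer();
```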