WordPress.org

Ready to get started?Download WordPress

Forums

TinyMCE Advanced
TinyMCE Advanced is an open door for Spammers (9 posts)

  1. rangitoto
    Member
    Posted 11 months ago #

    Hi all!

    I found out that TinyMCE Advanced is an open door for Spammers. They managed it somehow to use my server to send Spammails. They use TinyMCE Advanced for that.
    I sadly had to delete TinyMCE Advanced.

    Is there a solution?

    Thanks in advance!

    rangi

    http://wordpress.org/plugins/tinymce-advanced/

  2. Andrew Ozz
    WordPress Dev
    Plugin Author

    Posted 10 months ago #

    Was your site exploited? Don't see any vulnerabilities in this plugin, and have never heard of any. Most sites are exploited from neighboring hosting accounts or because they are very outdated. Usually they try to hide the exploit in some place you're not likely to look at.

    If you are sure than the point of entry was in this plugin, please email me privately from here: http://www.laptoptips.ca/contact/

  3. deFUNKT
    Member
    Posted 9 months ago #

    Any updates on this?

    I have seen spam problems with a site that has Tiny MCE Advanced. No idea if it actually is the problem. Will try to disable it.

  4. deFUNKT
    Member
    Posted 9 months ago #

    No concrete proof that the plugin was the culprit, but haven't seen any spam sent since I removed it.

    WP 3.7.1
    TimyMCE latest version

  5. rangitoto
    Member
    Posted 9 months ago #

    @deFUNKT: Same here. Since I removed it - no problems!

  6. Onkton
    Member
    Posted 9 months ago #

    TinyMCE 3.5.9 isn't working in my blog (3.7.1 WP)

    in another blog it's working (Tiny MCE 3.5.8 with WP 3.7.1)

    anyone else the prob or a solution?

    best regards

  7. Terry
    Member
    Posted 8 months ago #

    Have been watching this thread as use the plugin and have recommended it to many.

    After waiting a few days to hear "no way - TinyMCE is not responsible" from author starting to get nervous.

    Really would appreciate to yes, maybe or no please...

  8. Andrew Ozz
    WordPress Dev
    Plugin Author

    Posted 8 months ago #

    The plugin code is not exploitable and doesn't have any security vulnerabilities. Additionally this plugin doesn't do anything even remotely related to email.

    Unfortunately the original poster (or any of the other users) didn't send any more info on this. Would be really helpful to see an example of this...

    If somebody else suspects their site has been exploited, the first thing to do would be to install and run the Exploit Scanner plugin. If that doesn't turn anything, and TinyMCE Advanced is suspected, please download your current copy of TinyMCE Advanced to your computer (with FTP) and a fresh copy from the plugin repository. Then visually compare the .php files. An exploit will be easily visible as an extra "block" of code.

  9. Terry
    Member
    Posted 8 months ago #

    Kind of what I thought Andrew.

    Case closed far as I am concerned.

    Thank you much for clearing up.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags