Support » Plugin: CKEditor for WordPress » Exploit in CKEditor Plugin can be used to send SPAM

  • Here are some lines from the PHP mail.log:
    2014-07-08 13:41:24 To: chukirana@yahoo.com From: “Susanna Medina” <susanna_medina@xxxxxxxxxxxxxxxxxxxxx.com> ==> /path/to/wp/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/uicolor/icons
    2014-07-08 13:41:24 To: chukiru@univision.com From: “Susanna Medina” <susanna_medina@xxxxxxxxxxxxxxxxxxxxx.com> ==> /path/to/wp/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/uicolor/icons
    2014-07-08 13:41:24 To: chukis101@hotmail.com From: “Susanna Medina” <susanna_medina@xxxxxxxxxxxxxxxxxxxxx.com> ==> /path/to/wp/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/uicolor/icons
    2014-07-08 13:41:24 To: chukis118@yahoo.com From: “Susanna Medina” <susanna_medina@xxxxxxxxxxxxxxxxxxxxx.com> ==> /path/to/wp/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/uicolor/icons
    2014-07-08 13:41:24 To: chukis99@aol.com From: “Susanna Medina” <susanna_medina@xxxxxxxxxxxxxxxxxxxxx.com> ==> /path/to/wp/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/uicolor/icons
    2014-07-08 13:41:24 To: chukis@q.com From: “Susanna Medina” <susanna_medina@xxxxxxxxxxxxxxxxxxxxx.com> ==> /path/to/wp/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/uicolor/icons
    2014-07-08 13:41:24 To: chukis_99@yahoo.com From: “Susanna Medina” <susanna_medina@xxxxxxxxxxxxxxxxxxxxx.com> ==> /path/to/wp/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/uicolor/icons
    2014-07-08 13:41:25 To: chukitobabyitzel@yahoo.com From: “Susanna Medina” <susanna_medina@xxxxxxxxxxxxxxxxxxxxx.com> ==> /path/to/wp/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/uicolor/icons

Viewing 1 replies (of 1 total)
  • Following a bug back to the source i found out this version of ckeditor is from 2012, and they have fixed so much since then. The bug I tracked is fixed in the new version and maybe this is too.
    If we can update this or figure out how to replace the TinyMCE4 editor with the new CKEditor it would very possibly solve so many problems people are having. Even this old version from 2012 fixes the issue where we can no longer paste images from the clipboard. I want so bad to try the real deal, updated CKEditor.
    How does this work? Does someone else need to take responsibility for this plugin or do we need to create another? I am asking CKEditor developers how they prefer we go about this, in case they have a preference how to go about getting this updated.
    http://dev.ckeditor.com/ticket/10604

Viewing 1 replies (of 1 total)
  • The topic ‘Exploit in CKEditor Plugin can be used to send SPAM’ is closed to new replies.