Title: Remote File Upload Vulnerability
Last modified: August 21, 2016

---

# Remote File Upload Vulnerability

 *  Resolved [henndi001](https://wordpress.org/support/users/henndi001/)
 * (@henndi001)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/remote-file-upload-vulnerability-2/)
 * Hello,
 * I want to use your Plugin but it has weak security. I found SQL Injections,
   XSS and RFU vulnerabilities.
 * Can you fix this and make your plugin more secure?
 * regards
 * [https://wordpress.org/plugins/tinymce-advanced/](https://wordpress.org/plugins/tinymce-advanced/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Andrew Ozz](https://wordpress.org/support/users/azaozz/)
 * (@azaozz)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/remote-file-upload-vulnerability-2/#post-4685530)
 * This plugin doesn’t do anything/doesn’t load for non logged-in users. Additionally
   the settings page is only accessible for admins. In those terms, SQL Injections,
   XSS, and/or remote file upload vulnerabilities are very unlikely.
 * If you believe you found vulnerabilities, please contact me privately through
   [http://www.laptoptips.ca/contact/](http://www.laptoptips.ca/contact/).
 *  Plugin Author [Andrew Ozz](https://wordpress.org/support/users/azaozz/)
 * (@azaozz)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/remote-file-upload-vulnerability-2/#post-4685617)
 * [@henndi001](https://wordpress.org/support/users/henndi001/) thanks for forwarding
   more info. Both of these advisories are about old versions of the TinyMCE “imagemanager”
   and “filemanager” plugins. These are commercial plugins available from Moxiecode
   (the makers of TinyMCE) and are not included (obviously) in TinyMCE Advanced.
   As far as I can tell this type of exploit has been fixed in these plugins years
   ago.

The topic ‘Remote File Upload Vulnerability’ is closed to new replies.

## Tags

 * [sql injections](https://wordpress.org/support/topic-tag/sql-injections/)

 * 2 replies
 * 2 participants
 * Last reply from: [Andrew Ozz](https://wordpress.org/support/users/azaozz/)
 * Last activity: [12 years, 2 months ago](https://wordpress.org/support/topic/remote-file-upload-vulnerability-2/#post-4685617)
 * Status: resolved