TinyMCE Advanced
TinyMCE Advanced is an open door for Spammers (9 posts)

  1. rangitoto
    Posted 2 years ago #

    Hi all!

    I found out that TinyMCE Advanced is an open door for Spammers. They managed it somehow to use my server to send Spammails. They use TinyMCE Advanced for that.
    I sadly had to delete TinyMCE Advanced.

    Is there a solution?

    Thanks in advance!



  2. Andrew Ozz
    WordPress Dev
    Plugin Author

    Posted 1 year ago #

    Was your site exploited? Don't see any vulnerabilities in this plugin, and have never heard of any. Most sites are exploited from neighboring hosting accounts or because they are very outdated. Usually they try to hide the exploit in some place you're not likely to look at.

    If you are sure than the point of entry was in this plugin, please email me privately from here: http://www.laptoptips.ca/contact/

  3. deFUNKT
    Posted 1 year ago #

    Any updates on this?

    I have seen spam problems with a site that has Tiny MCE Advanced. No idea if it actually is the problem. Will try to disable it.

  4. deFUNKT
    Posted 1 year ago #

    No concrete proof that the plugin was the culprit, but haven't seen any spam sent since I removed it.

    WP 3.7.1
    TimyMCE latest version

  5. rangitoto
    Posted 1 year ago #

    @deFUNKT: Same here. Since I removed it - no problems!

  6. Onkton
    Posted 1 year ago #

    TinyMCE 3.5.9 isn't working in my blog (3.7.1 WP)

    in another blog it's working (Tiny MCE 3.5.8 with WP 3.7.1)

    anyone else the prob or a solution?

    best regards

  7. Terry J
    Posted 1 year ago #

    Have been watching this thread as use the plugin and have recommended it to many.

    After waiting a few days to hear "no way - TinyMCE is not responsible" from author starting to get nervous.

    Really would appreciate to yes, maybe or no please...

  8. Andrew Ozz
    WordPress Dev
    Plugin Author

    Posted 1 year ago #

    The plugin code is not exploitable and doesn't have any security vulnerabilities. Additionally this plugin doesn't do anything even remotely related to email.

    Unfortunately the original poster (or any of the other users) didn't send any more info on this. Would be really helpful to see an example of this...

    If somebody else suspects their site has been exploited, the first thing to do would be to install and run the Exploit Scanner plugin. If that doesn't turn anything, and TinyMCE Advanced is suspected, please download your current copy of TinyMCE Advanced to your computer (with FTP) and a fresh copy from the plugin repository. Then visually compare the .php files. An exploit will be easily visible as an extra "block" of code.

  9. Terry J
    Posted 1 year ago #

    Kind of what I thought Andrew.

    Case closed far as I am concerned.

    Thank you much for clearing up.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • TinyMCE Advanced
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic