TinyMCE Advanced is an open door for Spammers

  • rangitoto


    Hi all!

    I found out that TinyMCE Advanced is an open door for Spammers. They somehow managed to use my server to send spam mails. They use TinyMCE Advanced for that.
    I sadly had to delete TinyMCE Advanced.

    Is there a solution?

    Thanks in advance!



  • Plugin Author Andrew Ozz


    WordPress Dev

    Was your site exploited? Don’t see any vulnerabilities in this plugin, and have never heard of any. Most sites are exploited from neighboring hosting accounts or because they are very outdated. Usually they try to hide the exploit in some place you’re not likely to look at.

    If you are sure that the point of entry was in this plugin, please email me privately from here: http://www.laptoptips.ca/contact/

    Any updates on this?

    I have seen spam problems with a site that has Tiny MCE Advanced. No idea if it actually is the problem. Will try to disable it.

    No concrete proof that the plugin was the culprit, but haven’t seen any spam sent since I removed it.

    WP 3.7.1
    TinyMCE latest version

    @defunkt: Same here. Since I removed it – no problems!

    TinyMCE 3.5.9 isn’t working in my blog (3.7.1 WP)

    In another blog it’s working (Tiny MCE 3.5.8 with WP 3.7.1)

    Anyone else have the prob or a solution?

    Best regards

    Have been watching this thread as I use the plugin and have recommended it to many.

    After waiting a few days to hear “no way – TinyMCE is not responsible” from the author, starting to get nervous.

    Really would appreciate a yes, maybe or no please…

    Plugin Author Andrew Ozz


    WordPress Dev

    The plugin code is not exploitable and doesn’t have any security vulnerabilities. Additionally this plugin doesn’t do anything even remotely related to email.

    Unfortunately the original poster (or any of the other users) didn’t send any more info on this. Would be really helpful to see an example of this…

    If somebody else suspects their site has been exploited, the first thing to do would be to install and run the Exploit Scanner plugin. If that doesn’t turn up anything, and TinyMCE Advanced is suspected, please download your current copy of TinyMCE Advanced to your computer (with FTP) and a fresh copy from the plugin repository. Then visually compare the .php files. An exploit will be easily visible as an extra “block” of code.
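
Added example, not part of the thread and not the plugin author's code: one way to script the comparison described in the reply above, so that only the files that differ need to be inspected by eye. The function names are illustrative; it assumes both directories hold the same plugin version, and it normalises line endings before hashing (an assumption, so an FTP ASCII-mode transfer does not flag every file).

```python
import hashlib
import sys
from pathlib import Path


def php_hashes(root):
    """Map each .php file (path relative to root) to a SHA-256 digest.

    CRLF is normalised to LF first, so line-ending changes introduced
    by the transfer are not reported as modifications.
    """
    root = Path(root)
    hashes = {}
    for path in root.rglob("*.php"):
        if path.is_file():
            data = path.read_bytes().replace(b"\r\n", b"\n")
            hashes[path.relative_to(root).as_posix()] = hashlib.sha256(data).hexdigest()
    return hashes


def compare_plugin_copies(installed_dir, fresh_dir):
    """Compare the copy downloaded from the site with a fresh copy.

    Returns sorted lists of relative paths:
      modified - present in both copies, contents differ
      extra    - only in the installed copy (not shipped with the plugin)
      missing  - only in the fresh copy
    """
    installed = php_hashes(installed_dir)
    fresh = php_hashes(fresh_dir)
    common = installed.keys() & fresh.keys()
    return {
        "modified": sorted(f for f in common if installed[f] != fresh[f]),
        "extra": sorted(installed.keys() - fresh.keys()),
        "missing": sorted(fresh.keys() - installed.keys()),
    }


if __name__ == "__main__":
    # Usage: python compare_plugin.py <installed_copy_dir> <fresh_copy_dir>
    report = compare_plugin_copies(sys.argv[1], sys.argv[2])
    for kind, files in report.items():
        for name in files:
            print(f"{kind:9}{name}")
    # Non-zero exit status when anything differs, so the check can be scripted.
    sys.exit(1 if any(report.values()) else 0)
```

Files listed as "modified" or "extra" are the ones to open and read; an empty report means the installed .php files match the fresh copy.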

    Kind of what I thought Andrew.

    Case closed far as I am concerned.

    Thank you much for clearing up.
