Title: Warning: TinyMCE Exploit
Last modified: August 20, 2016

---

# Warning: TinyMCE Exploit

 *  [Chris Cash](https://wordpress.org/support/users/cashman/)
 * (@cashman)
 * [14 years, 7 months ago](https://wordpress.org/support/topic/warning-tinymce-exploit/)
 * Noticed a couple of WordPress sites I operate have been compromised via:
 * /wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/328.php
 * File modifications/injections occurred on 9/3/2011
 * No plugins or themes installed except for defaults and running latest version.
   Should TinyMCE be updated separately from WP updates? Any safer options than 
   TinyMCE? Looks like it’s been the entry point for other cms and custom scripts
   as well.

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [leeuniverse](https://wordpress.org/support/users/leeuniverse/)
 * (@leeuniverse)
 * [14 years, 7 months ago](https://wordpress.org/support/topic/warning-tinymce-exploit/#post-2284156)
 * Hey…. I just checked the WordPress files both offline and online and I don’t 
   have that 328.php in my folder?
 * Is that the actual “hack” file someone put in there, or is that the file that
   they got in through?
 * Using 3.2.1
 *  Thread Starter [Chris Cash](https://wordpress.org/support/users/cashman/)
 * (@cashman)
 * [14 years, 7 months ago](https://wordpress.org/support/topic/warning-tinymce-exploit/#post-2284171)
 * That file is one of three php files that are in that folder. They both contain
   wp_addfilter references along with obfuscated code. The folder was not world 
   writeable.
 *  [mbezhanov](https://wordpress.org/support/users/mbezhanov/)
 * (@mbezhanov)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/warning-tinymce-exploit/#post-2284431)
 * Many people have been affected by this hack in September 2011, including me –
   my whole hosting account was infected.
 * You can read the full info from my investigation in my blog: [http://www.marinbezhanov.com/web-development/6/malware-alert-september-2011-sshell-v.1.0/](http://www.marinbezhanov.com/web-development/6/malware-alert-september-2011-sshell-v.1.0/)
 * Also, these guys have been kind enough to create a script that cleans up your
   installation files from the malicious code: [http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html](http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html)
 *  Thread Starter [Chris Cash](https://wordpress.org/support/users/cashman/)
 * (@cashman)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/warning-tinymce-exploit/#post-2284434)
 * Thanks for replying. Any ideas on whether this is a WordPress or TinyMCE exploit?
   Sure would like to know how they were able to gain access.
 *  [mbezhanov](https://wordpress.org/support/users/mbezhanov/)
 * (@mbezhanov)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/warning-tinymce-exploit/#post-2284437)
 * I can’t say for sure, but I think it’s some sort of a tinyMCE exploit. However,
   the hackers seem to be targeting WordPress sites only. The WP blog that got
   infected on my server didn’t have TinyMCE anywhere in the front end, so there
   must be some WordPress weakness that allows the hackers to access tinyMCE and
   use its exploit…
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/warning-tinymce-exploit/#post-2284438)
 * There is no known issue of this type in the current version of WordPress. If 
   you have hard evidence to the contrary, please do not post it publicly but 
   [report it appropriately](http://codex.wordpress.org/Security_FAQ).


The topic ‘Warning: TinyMCE Exploit’ is closed to new replies.
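
A defensive check for the symptom reported in this thread (PHP files sitting in a TinyMCE image directory such as `.../clearlooks2/img/`), as an added example that is not part of the original thread. The function name, the extension list and the image directory names are assumptions made for this example; it lists each hit with its modification time so it can be compared against the date of the compromise.

```python
import os
import sys
import time

# Extensions a PHP-enabled server may execute (assumed list; match it to the
# server's handler configuration).
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}
# Directory names expected to hold only images (assumption for this example).
IMAGE_DIRS = {"img", "images"}


def find_php_in_image_dirs(wp_root):
    """Return sorted (relative_path, mtime) pairs for PHP-executable files
    found in image directories below wp-includes/js."""
    base = os.path.join(wp_root, "wp-includes", "js")
    hits = []
    for dirpath, _dirs, files in os.walk(base):
        rel_dir = os.path.relpath(dirpath, wp_root).replace(os.sep, "/")
        if not IMAGE_DIRS & set(rel_dir.split("/")):
            continue  # not inside an image directory
        for name in files:
            if os.path.splitext(name)[1].lower() in PHP_EXTS:
                full = os.path.join(dirpath, name)
                hits.append((rel_dir + "/" + name, os.path.getmtime(full)))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/wordpress
    for path, mtime in find_php_in_image_dirs(sys.argv[1]):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {path}")
```

Any hit deserves manual inspection and a comparison against a clean copy of the same WordPress release, since an image directory has no reason to contain executable PHP.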

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 6 replies
 * 4 participants
 * Last reply from: [esmi](https://wordpress.org/support/users/esmi/)
 * Last activity: [14 years, 6 months ago](https://wordpress.org/support/topic/warning-tinymce-exploit/#post-2284438)
 * Status: not resolved

