Potential hacking threat

  • froddis

    (@froddis)


    6 years, 8 months ago

    Hiya,
    Just an FYI – one of our domains just got hacked by someone adding a malicious php file to our TinyMCE folder: /wp-content/plugins/tinymce-advanced/langs/ymqjjiil.php

    We were running your previous version of 4.6.3 and WP 4.9 and had not yet updated because none of the updates suggested a security threat.

    We’ve checked our other sites and they appear to be ok and are running updates as quickly as we can.

    Just wanted to post it here so others can update quickly and check their sites for the same issue.
    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Andrew Ozz

    (@azaozz)

    6 years, 8 months ago

    Hi @froddis, thanks for the warning. Don’t think this has anything to do with TinyMCE Advanced. This plugin is very secure and doesn’t let the users to upload or save files to the server.

    Whoever put that file there was probably trying to “hide” it in a location you are less likely to look. Generally this type of attacks are performed when somebody gains access to the whole server, then runs a script that places randomly named files in “hidden” locations. They probably chose that location as TinyMCE Advanced is a fairly popular plugin.

    e_baker

    (@e_baker)

    6 years, 8 months ago

    Hey @froddis,

    In the release post for version 4.9.1, it specifically says “WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack.”

    You will want to make sure each of your installations is running the most recent version.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Potential hacking threat’ is closed to new replies.