Deans FCKEditor with PWWANGS Code for WordPress (version 1.0.0) Security Vulnerability



Web security company Sucuri recently released a security alert concerning a WordPress plugin called Deans FCKEditor with PWWANGS Code for WordPress. The plugin contains a very serious vulnerability that allows hackers to gain full control (modify, upload and execute files) on any WordPress website that has it installed.

With the plugin installed on a website, a hacker or malicious person can gain access to the web server via HTTP through a backdoor in the plugin’s directory and use a graphical user interface (GUI) to wreak havoc. The Deans FCKEditor with PWWANGS Code for WordPress plugin has already been removed from the official WordPress Plugin repository, but unfortunately a lot of users are not aware of this security vulnerability.

If you happen to have the Deans FCKEditor with PWWANGS Code for WordPress plugin installed on your website, you need to completely REMOVE it from your web server (delete the plugin folder and files). Deactivating the plugin is not enough: as long as the vulnerable files exist on your web server, hackers and malicious persons are still capable of uploading files to it.

NOTE: The plugin involved is different from these plugins – Dean’s FCKEditor For WordPress and Dean’s FCKEditor For WordPress (same name but different plugins).
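
To check a server for leftover files, this added example (not from the original post or from Sucuri) scans a WordPress install's plugin folder on disk and reports the affected plugin even when it is deactivated, without flagging the similarly named Dean's FCKEditor plugins. It assumes the plugin's main file carries a `Plugin Name:` header containing "PWWANGS"; the function names and sample directory names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Lists plugin directories whose
# "Plugin Name:" header mentions PWWANGS, whether the plugin is active or not.

# find_pwwangs_plugin WP_ROOT -> prints matching dirs; 0 = found, 1 = none.
find_pwwangs_plugin() {
    plugins_dir="$1/wp-content/plugins"
    [ -d "$plugins_dir" ] || { echo "no plugins dir: $plugins_dir" >&2; return 2; }
    found=1
    for dir in "$plugins_dir"/*/; do
        [ -d "$dir" ] || continue
        # WordPress takes the plugin name from a header comment in a
        # top-level PHP file; activation state lives in the database, so
        # a deactivated plugin still matches here.
        if grep -q -i -E '^[[:space:]*#/]*Plugin Name:.*PWWANGS' "$dir"*.php 2>/dev/null; then
            printf '%s\n' "${dir%/}"
            found=0
        fi
    done
    return "$found"
}

# make_sample_tree DIR: constructed test data (directory names are made up).
make_sample_tree() {
    p="$1/wp-content/plugins"
    mkdir -p "$p/sample-pwwangs-dir" "$p/sample-deans-dir"
    # Assumed header text for the affected plugin (constructed).
    printf "<?php\n/*\nPlugin Name: Deans FCKEditor with PWWANGS Code for WordPress\nVersion: 1.0.0\n*/\n" \
        > "$p/sample-pwwangs-dir/main.php"
    # A similarly named plugin that must not be reported.
    printf "<?php\n/*\nPlugin Name: Dean's FCKEditor For WordPress\n*/\n" \
        > "$p/sample-deans-dir/main.php"
}

# Usage: sh script.sh /path/to/wordpress
if [ $# -gt 0 ]; then
    find_pwwangs_plugin "$1"
fi
```

Any directory it prints should be deleted in full; run it again afterwards and expect exit status 1 with no output.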

Please help spread the word so more WordPress users will be aware of this vulnerability.

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.
