Web security company Sucuri recently released a security alert concerning a WordPress plugin called Deans FCKEditor with PWWANGS Code for WordPress. The plugin contains a very serious vulnerability that allows hackers to gain full control: to modify, upload and execute files on any website running WordPress.

With the plugin installed on a website, a hacker or malicious person can gain access to the web server via HTTP through a backdoor in the plugin’s directory and use a graphical user interface (GUI) to wreak havoc. The Deans FCKEditor with PWWANGS Code for WordPress plugin has already been removed from the official WordPress Plugin repository, but unfortunately a lot of users are not aware of this security vulnerability.

If you happen to have the Deans FCKEditor with PWWANGS Code for WordPress plugin installed on your website, you need to completely REMOVE it from your web server (delete the plugin folder and files). Deactivating the plugin is not enough because as long as the vulnerable files exist on your web server, hackers and malicious persons are still capable of uploading files to your web server.

NOTE: The plugin involved is different from these plugins – Dean’s FCKEditor For WordPress and Dean’s FCKEditor For WordPress (same name but different plugins).
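To check whether the plugin's files are still on disk (activation state does not matter for this), the following added example, which is not part of the original post or of Sucuri's alert, scans `wp-content/plugins` for a matching `Plugin Name:` header. It assumes the header contains the word "PWWANGS" from the plugin name above, which also keeps the similarly named plugins in the note from matching; the function name and the path in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): find plugin folders that are
# still on disk by their "Plugin Name:" header, activated or not.

# find_plugin_dirs WP_ROOT [PATTERN]
# PATTERN defaults to "PWWANGS", a word taken from the plugin name in this
# post; that the plugin's header contains it is an assumption.
find_plugin_dirs() {
    wp_root=$1
    pattern=${2:-PWWANGS}
    plugins_dir="$wp_root/wp-content/plugins"
    if [ ! -d "$plugins_dir" ]; then
        echo "no wp-content/plugins under $wp_root" >&2
        return 2
    fi
    # WordPress looks for the header in PHP files directly inside plugins/
    # and one level down, reading only the first 8 KB of each file.
    for file in "$plugins_dir"/*.php "$plugins_dir"/*/*.php; do
        [ -f "$file" ] || continue
        if head -c 8192 "$file" | grep -i 'Plugin Name:' |
           grep -qiF -- "$pattern"; then
            dir=$(dirname "$file")
            # Single-file plugin: report the file; otherwise the folder.
            if [ "$dir" = "$plugins_dir" ]; then
                echo "$file"
            else
                echo "$dir"
            fi
        fi
    done | sort -u
}

# Run as: sh find_plugin.sh /var/www/html   (path is a placeholder)
if [ "$#" -ge 1 ]; then
    find_plugin_dirs "$@"
fi
```

Any path it prints is a folder to delete from the server; an empty result means no file with that header was found under the given WordPress root.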

Please help spread the word so more WordPress users will be aware of this vulnerability.




Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.
