Sucuri just released a security alert regarding the Dean’s FCKEditor With pwwang’s code plugin for WordPress plugin (the plugin has already been taken off of the plugin repository). Note the full name of the plugin, as it is a different plugin from Dean’s FCKEditor For WordPress and Dean’s FCKEditor For WordPress (yes, those are two plugins with the same name; confusing, I know).
If you are running a plugin named “Dean’s FCKEditor With pwwang’s code plugin for WordPress,” remove it from your site immediately. Note that I don’t just mean deactivate it; remove the entire plugin from your site. It is important that it is completely removed, as just having the vulnerable file on your server allows anyone to upload their own files to your site, whether or not the plugin is active. With this ability, attackers could easily compromise your entire site. So I cannot stress enough how important it is that the plugin files are completely removed.
This is also a good opportunity to remind everyone of the TimThumb vulnerability from nearly a year ago. TimThumb is an image resizer that many themes and plugins used. A vulnerability was discovered that allowed attackers to upload their own files to your site through the TimThumb code. Fortunately, none of our themes ever used TimThumb, but many plugins and other theme companies did. TimThumb was updated to fix this issue, but you may still have an older plugin or theme on your site that contains the vulnerable code.
Now would be a good time to run the Timthumb Vulnerability Scanner plugin on your sites. This plugin will scan for vulnerable versions of TimThumb and automatically update the code to remove the vulnerability. This is a great way of ensuring that all of your site’s plugins and themes are properly secured against this vulnerability.
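As an added example (not from this post and not the scanner plugin’s own code), here is a small Python script that does the file-level part of that check: it walks a wp-content tree, finds copies of TimThumb, reads the version each one declares, and flags those below a caller-supplied fixed version. The candidate file names, the `define('VERSION', ...)` format and the 2.0 default threshold are assumptions, and the sample tree it scans is constructed inline.

```python
import re
import tempfile
from pathlib import Path

# Assumption (not from the post): TimThumb declares its version as define('VERSION', '...').
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]\s*\)""")
CANDIDATE_NAMES = {"timthumb.php", "thumb.php"}   # common file names for the script; assumption

def parse_version(php_source):
    """Return the declared version string, or None if no VERSION define is present."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None

def version_tuple(v):
    return tuple(int(p) for p in v.split(".") if p != "")

def classify(php_source, fixed_version):
    """Return (version, status) where status is vulnerable / patched / unknown-version."""
    ver = parse_version(php_source)
    if ver is None:
        return ver, "unknown-version"
    return ver, ("vulnerable" if version_tuple(ver) < version_tuple(fixed_version) else "patched")

def scan_wp_content(root, fixed_version="2.0"):
    """Walk plugins and themes under wp-content and report every TimThumb copy found.
    fixed_version is the caller's threshold; 2.0 is an assumed default, not from the post."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        if path.name.lower() not in CANDIDATE_NAMES:
            continue
        text = path.read_text(errors="replace")
        if "timthumb" not in text.lower():   # skip unrelated files that happen to be named thumb.php
            continue
        ver, status = classify(text, fixed_version)
        findings.append((str(path.relative_to(root)), ver, status))
    return findings

def build_demo_tree():
    """Constructed sample wp-content tree (not real plugin code) so the scan runs offline."""
    root = Path(tempfile.mkdtemp())
    old = root / "themes" / "oldtheme" / "timthumb.php"
    new = root / "plugins" / "gallery" / "thumb.php"
    old.parent.mkdir(parents=True)
    new.parent.mkdir(parents=True)
    old.write_text("<?php\n// TimThumb script\ndefine ('VERSION', '1.34');\n")
    new.write_text("<?php\n/* TimThumb script */\ndefine ('VERSION', '2.8.14');\n")
    return root

if __name__ == "__main__":
    for rel, ver, status in scan_wp_content(build_demo_tree()):
        print(f"{status:16} {ver or '?':8} {rel}")
```

Point it at a real site with `scan_wp_content("/path/to/wp-content")`; anything reported as vulnerable or unknown-version is a copy the scanner plugin should update or you should replace by hand.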