Beware of AjaxFileManager Plugin for TinyMCE
Author: Sanjeev Maharjan
I have been using TinyMCE as my text editor for some time now. Recently I needed to use TinyMCE to insert external images in my editor and searched for plugins to do so. The AjaxFileManager plugin came up as the perfect solution. It could be used to insert images into your content while using the text editor.
The plugin looked handy and I used it with my TinyMCE. But something I didn't realize was that this plugin could be used to insert other files with malicious code as well. And that's what happened.
Google Webmasters Tool notified me about this website being under malware attack. I couldn't trace the source. So I contacted my web server administrators, who then told me about the location of the malicious code. I was surprised that JavaScript code could be used to upload malicious code. And then I realized that AjaxFileManager uses a server-side file to do the actual upload process.
So, I strongly recommend against the use of such server-side plugins for TinyMCE. I could only warn you all, so BEWARE.