JCE is a very popular content editor for Joomla! sites. A vulnerability has been reported in JCE 2.0 and JCE 1.5 that allows a logged-in user who has access to JCE (i.e. they can create or edit articles) and to any of the Image Manager, Image Manager Extended, File Manager, Media Manager or Template Manager plugins to view and manipulate files and folders outside of the folder assigned to these plugins.
JCE 2.0.11 and JCE 188.8.131.52 add additional security checks to fix the vulnerability. Additional checks have also been added to some functions in the Image Manager Extended and Template Manager plugins.
Upgrade JCE to the latest version.