FCKEditor fixed in version 4.54. User needed to be logged in as an ADMIN user to be able to use this vulnerability.