The TimThumb vulnerability is still being exploited in the wild: another major site fell victim to it just yesterday. As sad as this situation may be, it goes to show that some sites may still be running the vulnerable script more than six months after news of the vulnerability broke.
As the old saying goes, there’s no time like the present, and now is the perfect time to install and run the TimThumb Vulnerability Scanner and Exploit Scanner plugins. If you are at all confused by the results of either scanner, the kind folks at the WordPress Support Forums will be more than happy to help you.
I just scanned my site using the TimThumb Vulnerability Scanner and found the timthumb script was out of date, which I updated using this plugin.
All my other sites on another server were all exploited because I hadn’t updated all my plugins and themes.
This is really good to know, thanks.
I suppose there is reasoning behind Google’s notices to update CMS versions in Google Webmaster Tools.
I have many sites and till recently I was not aware that a few of my sites still had this outdated TimThumb version that had security issues. Luckily Google Webmaster tools are warning about outdated themes, frameworks, etc.
I don’t see how anyone can not want to fix their site to cover a vulnerability like this.
Not doing it can only leave you open to bad things.