The TimThumb vulnerability is still in the wild as another major site fell victim to it just yesterday. As sad as this situation may be, it just goes to show that some sites may still be running the infected script even after news of the vulnerability broke over six months ago. Like the old saying, there’s no time like the present, and now is the perfect time to install and run the TimThumb Vulnerability Scanner and Exploit Scanner plugins. If you are at all confused by the results of either of these scanners, the kind folks at the WordPress Support Forums will be more than happy to help you.
[Continue Reading...]
Posts Tagged ‘timthumb’
Previous Post WordPress Theme Releases for 4/9
Previous Post WordPress Theme Releases for 9/6
If you’re worried about the recent TimThumb security vulnerability, but haven’t had a chance to see if you’re affected, identifying and fixing vulnerable instances of TimThumb just got a whole lot easier thanks to a new plugin from Peter Butler. Now, all you need to do is install and activate this plugin, run the scanner from the new Tools -> Timthumb Scanner section in your Dashboard, and click the Fix button to repair any vulnerabilities that are found.
[Continue Reading...]Previous Post WordPress Plugin Releases for 8/3
A zero day vulnerability has been found in TimThumb, a popular image resizing script used by several WordPress themes. The person who discovered the vulnerability has issued a fix and instructions to detect any lingering hacks. As described on the VaultPress blog, “The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.” The folks at Sucuri have constructed a great list of just a few affected WordPress themes, just to give you idea of how many themes use TimThumb. If your theme uses TimThumb, contact your theme author for an update immediately, or download the latest version if it has already been updated. If your theme author is not willing to offer an update, it’s probably time for a new theme, but you can also […]
[Continue Reading...]About the Author
- James
James began using WordPress in 2004. Being new to WordPress (and blogging in general), he quickly found the WordPress Support Forums and basically never left. James currently resides in sunny Southern California, where he enjoys bringing happiness to millions of WordPress.com users.
Web: http://macmanx.com
Categories
- bbpress
- Best of WordPress
- Blog Templates Blog Skins Blog Themes
- Blogging
- Blogging Essays
- Blogging News
- brainstorming
- buddypress
- Business of Blogging
- CMS
- Code
- Cold Fusion
- Community Interviews
- Cool Scripts
- General
- HOW-TO
- LinkyLoo
- Movable Type Plugins
- Photolog Script
- Podcasting
- QuickLinking
- Spam
- SXSW
- TLA
- Tutorials
- User Reviews
- Web Design
- Web Ethics
- Weblog Add-Ons
- Weblog tools blog tools blogging tools
- Weekly Plugin Review
- WLTC Community
- wordcamp
- WordPress
- WordPress Discussions
- WordPress FAQs
- Wordpress for Beginners
- WordPress Hack
- WordPress News
- WordPress Plugin Competition
- WordPress Plugins
- WordPress Polls
- WordPress Security
- WordPress Templates WordPress Skins WordPress Themes
- WordPress Tips
- WordPress Tools
- WordPress Troubleshooting
- WordPress Weekly
- WordPress Widgets
- WordPress WishList
- XHTML Tips
Obviously Powered by WordPress. © 2003-2013
