TimThumb exploit - check your themes/plugins for it and be safe

Discussion in 'WordPress' started by myp, Aug 8, 2011.

  1. #1
    There is a huge vulnerability (zero day) that could allow hackers to upload and execute malicious code. Many themes/plugins use it (estimates are hundreds of thousands) so check to see if your WordPress themes/plugins have timthumb.php (or do a cPanel search for it) and either clear the file and save or update it (although I hear the "fix" released might still be vulnerable so that would be at your risk).
     
    myp, Aug 8, 2011
  2. yenny

    #2
    Sometimes the theme developer calls it thumb.php rather than the full name, so be on the lookout for those as well.
     
    yenny, Aug 8, 2011
  3. myp

    #3
    Good call- I've seen thumbs.php as well.
     
    myp, Aug 8, 2011
  4. bogi

    #4
    :rolleyes: And also img.php
     
    bogi, Aug 8, 2011
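
Added example, not part of the thread: a Python scan of a WordPress install for the file names mentioned in the posts above (timthumb.php, thumb.php, thumbs.php, img.php). It also flags copies saved under other names by looking at the content, on the assumption that the script's source still contains the string "timthumb", and it reports files that have already been emptied; the default wp-content path is likewise an assumption.

```python
import os
import re
import sys

# File names reported in this thread (compared case-insensitively).
THREAD_NAMES = {"timthumb.php", "thumb.php", "thumbs.php", "img.php"}
# Assumption: a renamed copy still contains the project name in its source.
MARKER = re.compile(rb"timthumb", re.IGNORECASE)


def classify(name, data):
    """Return a status for one PHP file, or None if it is not of interest."""
    by_name = name.lower() in THREAD_NAMES
    by_content = MARKER.search(data) is not None
    if not (by_name or by_content):
        return None
    if not data.strip():
        return "emptied"      # file was cleared, as the first post suggests
    if by_content:
        return "timthumb"     # script body present, whatever the file name
    return "name-only"        # e.g. an unrelated img.php; review by hand


def scan(root):
    """Walk root and return sorted (relative_path, status) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue      # unreadable file: skip, do not abort the scan
            status = classify(name, data)
            if status:
                findings.append((os.path.relpath(path, root), status))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed default: run from the WordPress root; pass another path to override.
    for rel, status in scan(sys.argv[1] if len(sys.argv) > 1 else "wp-content"):
        print(f"{status:10} {rel}")
```

A "name-only" result means the file name matches but the content marker does not, so open the file before clearing or updating it.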