Just a headsup if you're using a theme that uses TimThumb.
Due to all the security issues with the plugin / script (it's a single file) the developers issued a number of updates over the last few days which culminated in the release of version 2.
You should also update the file in any themes that are not active OR delete the themes, as the vulnerability is potentially accessible even if the theme isn't active.
You can download the latest version here
Related articles
- TimThumb Zero Day Vulnerability Affects Hundreds of WordPress Themes (pressography.com)
- 712 Fewer Vulnerable TimThumb Scripts in Existence (vaultpress.com)
- Zero-day bug found in WordPress image utility (theinformativereport.com)
- TimThumb security issue with WordPress (blacknight.com)
- Timthumb.php Security Vulnerability - Just the Tip of the Iceberg (sucuri.net)
Leave a Reply