TimThumb security issue with WordPress

We’re seeing a fair bit of chatter this morning about a security exploit in TimThumb. If you run a WordPress blog and are using a third-party theme that resizes images, chances are good that it has TimThumb included in it. (TimThumb doesn’t come with WordPress by default.)

For more info about the exploit and how to fix it, head on over to
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

UPDATE 1210 – the lead developer of TimThumb has updated the code to fix the issue so you can download the latest version from here

UPDATE 6th August

A couple of things to note.
If you have *any* WordPress themes installed that use TimThumb, you should either delete / remove them entirely or update TimThumb to the latest version.

The latest version of TimThumb, which was released in the last 24 hours, is a significant rewrite of the code, so even if you updated earlier this week you should update again.
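
To act on the advice above you first need to know which installed themes carry a copy of the script. The following is an added example, not code from this post or from the TimThumb project: a hypothetical `find_timthumb` shell function that lists every PHP file under a WordPress directory that mentions TimThumb, together with the version string it declares. It assumes a copy may have been renamed by the theme author and that the script declares its release with a `define('VERSION', '...')` line.

```shell
#!/bin/sh
# Added example: inventory TimThumb copies under a WordPress tree.
# Assumptions (not from the post): a copy contains the string "timthumb"
# even if the file was renamed, and declares define('VERSION', '...').

find_timthumb() {
    root="${1:-.}"
    # -r recurse, -I skip binary files, -l print file names only, -i ignore case
    grep -rIli --include='*.php' 'timthumb' "$root" 2>/dev/null | sort |
    while IFS= read -r file; do
        # Pull the first declared version string out of the file, if any
        version=$(sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([^'\"]*\)['\"].*/\1/p" "$file" | head -n 1)
        # "unknown" means no version line: either a theme file that only
        # calls the script, or a copy that needs a manual look
        printf '%s\t%s\n' "${version:-unknown}" "$file"
    done
}

# Usage: sh find_timthumb.sh /path/to/wp-content
if [ "$#" -gt 0 ]; then
    find_timthumb "$1"
fi
```

Compare each reported version with the latest TimThumb release, and remember that inactive themes left in the themes directory are scanned too, since they are still installed.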

About James Larkin

I'm a web designer by day and by night I like to dabble in web design. At Blacknight I work on lots of different things templating this (Blacknight Blog) and that (Blacknight Store), creating this Dropped.ie and helping create that (Getting Business Online). Daily I get to work on lots of different things be they marketing, support, design or development related. My cat (Squishy) seems to turn up regularly in strange places and might betray my interest in photography.
