This plugin uses Timthumb, does not support custom taxonomies - [Advanced Recent Posts Widget] Review | WordPress.org

morolo
(@morolo)

10 years, 9 months ago

Timthumb has a very serious exploit that can result in your website being owned and turned into a spam mirror. Please, please use something other than timthumb for image manipulation!

See: http://www.exploit-db.com/wordpress-timthumb-exploitation/

Also, this plugin does not support custom taxonomies which is curious since it supports custom post types.

Viewing 1 replies (of 1 total)

crdunst
(@crdunst)

10 years, 5 months ago

Hi, I’m not the author, but I have this plugin running on a site, and your comment prompted me to look into this. It seems the version of timthumb in this plugin is indeed safe.

There was a vulnerability that was fixed around version 2.8.2 – this plugin is using timthumb version 2.8.10. A third-party scan for vulnerabilities confirmed this version in this plugin is safe.

I appreciate you flagging it up with the best intentions, but perhaps you should have confirmed whether this is indeed a safe plugin before posting your comment 🙂

Viewing 1 replies (of 1 total)

The topic ‘This plugin uses Timthumb, does not support custom taxonomies’ is closed to new replies.

In: Reviews
1 reply
2 participants
Last reply from: crdunst
Last activity: 10 years, 5 months ago