Connections Business Directory
[resolved] [Plugin: Connections] TimThumb Vulnerability (5 posts)

  1. talkrite
    Member
    Posted 2 years ago #

    Tried to repair with TimThumb Vulnerability Scanner, but site went down due to the repair.

    http://wordpress.org/extend/plugins/connections/

  2. shazahm1
    Member
    Plugin Author

    Posted 2 years ago #

    The simple solution is not to use the scanner. Connections already has the secured version of TimThumb.

  3. vest24
    Member
    Posted 1 year ago #

    Connections 0731 doesn't have the latest timthumb 2.8.11. Also, the vulnerability scanner shows that connections.php is vulnerable.

    I upgraded to the latest timthumb, but I don't know why connections.php is vulnerable.

  4. shazahm1
    Member
    Plugin Author

    Posted 1 year ago #

    @vest24

    Connections has version 2.8.10 r215 which is secured. TimThumb 2.8.11 r216 was just released a few days ago. It does not contain any security-related fixes ... just a comment fix, a better handling of PNG files with transparency and a check for a redirect in the image path. The connections.php file is likely flagged because it mentions timthumb.php in the code comments. It is not advisable that you use its auto fix function as it breaks Connections by overwriting the connections.php file with the timthumb.php file.
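Added example, not part of the thread and not code from Connections or the scanner plugin: a sketch of why a mention-based check flags a file like connections.php, next to a stricter check that only treats a file as TimThumb when comment-stripped code defines the script's version and class. The `define ('VERSION', ...)` and `class timthumb` markers are assumptions about TimThumb 2.x source, the function names are hypothetical, and both sample files are constructed.

```python
import re

# Assumption: TimThumb 2.x declares its version as define ('VERSION', 'x.y.z').
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]\s*\)")
# Assumption: TimThumb 2.x implements its logic in a class named "timthumb".
CLASS_RE = re.compile(r"\bclass\s+timthumb\b", re.I)
# Naive PHP comment stripper (block, // and # comments); enough for this sketch.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

# Version the plugin author describes as secured in the post above.
KNOWN_GOOD = (2, 8, 10)

def naive_flag(source):
    """Mention-based check: any reference to TimThumb counts as a hit."""
    return "timthumb" in source.lower()

def timthumb_version(source):
    """Return the version tuple if the code itself is TimThumb, else None."""
    code = COMMENT_RE.sub("", source)  # ignore mentions inside comments
    match = VERSION_RE.search(code)
    if match is None or CLASS_RE.search(code) is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))

def classify(source, known_good=KNOWN_GOOD):
    """'not-timthumb' files must never be overwritten by an auto-fix."""
    version = timthumb_version(source)
    if version is None:
        return "not-timthumb"
    return "ok" if version >= known_good else "review"

# Constructed sample: a plugin file that only mentions timthumb.php in a comment.
SAMPLE_PLUGIN = """<?php
/*
 * Main plugin file (constructed sample).
 * Thumbnails are generated through timthumb.php.
 */
function show_directory() { return 'listing'; }
"""

# Constructed sample: the minimal markers of a real TimThumb copy.
SAMPLE_TIMTHUMB = """<?php
define ('VERSION', '2.8.10');  // Version of this script
class timthumb {
    public static function start() {}
}
"""
```
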

  5. jkirker
    Member
    Posted 1 year ago #

    @shazahm1 - Why not get with the author of that plugin to be whitelisted if there is no vulnerability?

Topic Closed

This topic has been closed to new replies.
