Connections Business Directory
[resolved] [Plugin: Connections] TimThumb Vulnerability (4 posts)

  1. talkrite
    Member
    Posted 11 months ago #

    Tried to repair with TimThumb Vulnerability Scanner, but site went down due to the repair.

    http://wordpress.org/extend/plugins/connections/

  2. shazahm1
    Member
    Plugin Author

    Posted 11 months ago #

    The simple solution is not to use the scanner. Connections already has the secured version of TimThumb.

  3. vest24
    Member
    Posted 5 months ago #

    Connections 0731 doesn't have the latest timthumb 2.8.11. Also, the vulnerability scanner shows that connections.php is vulnerable.

    I upgraded to the latest timthumb, but I don't know why connections.php is vulnerable.

  4. shazahm1
    Member
    Plugin Author

    Posted 5 months ago #

    @vest24

    Connections has version 2.8.10 r215 which is secured. TimThumb 2.8.11 r216 was just released a few days ago. It does not contain any security-related fixes ... just a comment fix, a better handling of PNG files with transparency and a check for a redirect in the image path. The connections.php file is likely flagged because it mentions timthumb.php in the code comments. It is not advisable that you use its auto fix function as it breaks Connections by overwriting the connections.php file with the timthumb.php file.
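
The distinction drawn in the last reply, between a file that only mentions timthumb.php in its comments and an actual TimThumb copy, shown as an added example (not part of the thread, and not code from the scanner plugin or Connections). It assumes TimThumb declares its version with `define ('VERSION', ...)`; the function names and sample files are constructed, and the 2.8.10 minimum is the version the plugin author describes as secured above.

```python
import re
import tempfile
from pathlib import Path

# Assumption: a real TimThumb copy declares its version as define ('VERSION', 'x.y.z').
VERSION_DEFINE = re.compile(r"""define\s*\(\s*["']VERSION["']\s*,\s*["'](\d+(?:\.\d+)*)["']\s*\)""")
# Comments are stripped first so a file that only mentions timthumb.php is not flagged.
PHP_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# Constructed sample files, not taken from any real plugin.
SAMPLES = {
    "connections.php": "<?php\n/* Images are resized by timthumb.php */\nfunction connections_init() {}\n",
    "timthumb.php": "<?php\ndefine ('VERSION', '2.8.10');\nclass timthumb { }\n",
    "old/timthumb.php": "<?php\ndefine ('VERSION', '1.19');\nclass timthumb { }\n",
}

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def classify(php_source, minimum="2.8.10"):
    """Return (status, version); status is not-timthumb, mention-only, outdated or ok."""
    code = PHP_COMMENTS.sub("", php_source)
    match = VERSION_DEFINE.search(code)
    if match and "timthumb" in code.lower():
        version = match.group(1)
        current = parse_version(version) >= parse_version(minimum)
        return ("ok" if current else "outdated"), version
    if "timthumb" in php_source.lower():
        return "mention-only", None  # name appears only in comments or strings
    return "not-timthumb", None

def scan_tree(root, minimum="2.8.10"):
    """Classify every .php file under root. Report only: no file is ever rewritten."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        status, version = classify(path.read_text(errors="replace"), minimum)
        if status != "not-timthumb":
            results[path.relative_to(root).as_posix()] = (status, version)
    return results

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_tree(root)

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, *result)
```

A file reported as `mention-only` needs a manual look, not a replacement.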
