WordPress.org

Timthumb Vulnerability Scanner
2.8 version reported as vulnerable (2 posts)

  1. hopes
    Member
    Posted 2 years ago #

    Hi,
    I'm using a Themefuse theme which runs version 2.8 of the timthumb.php script. The theme developer says the vulnerability is fixed in that version; however, when running this plugin it is still reported as vulnerable.
    Is this a false positive?
    Thanks a lot.
    Cheers

    http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/

  2. Peter Butler
    Member
    Plugin Author

    Posted 2 years ago #

    This is sort of a loaded subject. The main vulnerability, which caused all of the issues, is fixed as of version 2 - so version 2.8 is much safer than anything under version 2. However, there was some concern around the way even 2.8 sanitized some input, and it wasn't as secure as it COULD be. That was fixed as of version 2.8.2.

    So: is version 2.8 vulnerable? Not in the way pre-2.0 versions were - however, to be absolutely safe, it's a good idea to be running 2.8.2 or above.
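
The version tiers described in the reply above, as an added example that is not part of the thread and is not the scanner plugin's own code. It assumes the script declares its version as `define ('VERSION', 'x.y.z')` and is named timthumb.php; the theme tree is constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the script declares its version as define ('VERSION', 'x.y.z').
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9]+(?:\.[0-9]+)*)['"]""")

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(version):
    """Map a version tuple onto the tiers given in the reply above."""
    if version is None:
        return "unknown: no version string found, inspect by hand"
    if version < (2,):
        return "vulnerable: predates the version 2 fix"
    # Tuples compare numerically, so 2.8.10 sorts above 2.8.2
    # (a plain string comparison would get this wrong).
    if version < (2, 8, 2):
        return "upgrade advised: input sanitization was fixed in 2.8.2"
    return "ok: 2.8.2 or above"

def scan(root):
    """Classify every timthumb.php under root; returns {relative path: verdict}."""
    root = Path(root)
    results = {}
    for path in sorted(root.rglob("timthumb.php")):
        text = path.read_text(errors="replace")
        results[path.relative_to(root).as_posix()] = classify(parse_version(text))
    return results

def demo():
    """Build a constructed theme tree in a temp dir and scan it."""
    samples = {"old": "1.33", "themefuse": "2.8", "patched": "2.8.2", "newer": "2.8.10"}
    with tempfile.TemporaryDirectory() as tmp:
        for theme, ver in samples.items():
            d = Path(tmp, "themes", theme)
            d.mkdir(parents=True)
            d.joinpath("timthumb.php").write_text(f"<?php\ndefine ('VERSION', '{ver}');\n")
        return scan(tmp)

if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{path}: {verdict}")
```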

Topic Closed

This topic has been closed to new replies.
