Hi,
I'm using a Themefuse theme which runs version 2.8 of the timthumb.php script. The theme developer says the vulnerability is fixed with that version; anyway, running this plugin, it is still reported as vulnerable.
Is this a false positive?
Thanks a lot.
Cheers
http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/
This is sort of a loaded subject. The main vulnerability, which caused all of the issues, is fixed as of version 2 - so version 2.8 is much safer than anything under version 2. However, there was some concern around the way even 2.8 sanitized some input, and it wasn't as secure as it COULD be. That was fixed as of version 2.8.2.
So: is version 2.8 vulnerable? Not in the way pre-2.0 versions were - however, to be absolutely safe, it's a good idea to be running 2.8.2 or above.
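An added audit script (not part of this thread or of the scanner plugin) that finds every timthumb.php under a WordPress install and sorts it into the three states the answer distinguishes: pre-2.0, 2.0 up to 2.8.1, and 2.8.2 or later. It assumes timthumb 2.x declares its version with a line like `define ('VERSION', '2.8');`; that layout is an assumption, not something stated in the thread.

```python
"""Audit timthumb.php copies against the 2.8.2 threshold named in the answer.

Added example, not the forum poster's or the plugin's code. Assumes the
script declares its version as:  define ('VERSION', '2.8');
"""
import re
import sys
from pathlib import Path

MIN_SAFE = (2, 8, 2)  # per the answer: 2.8.2 fixed the remaining input-sanitising concern

# Assumed layout of the version line in timthumb.php (see module docstring).
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]\s*\)"
)


def parse_version(source):
    """Return the VERSION as a tuple of ints, e.g. '2.8' -> (2, 8); None if absent."""
    m = VERSION_RE.search(source)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def classify(version):
    """Map a version tuple to the states discussed in the answer.

    Tuple comparison gives proper version ordering: (2, 8) < (2, 8, 2), which
    is exactly why a scanner with a 2.8.2 floor still flags a 2.8 copy.
    """
    if version is None:
        return "unknown"      # no VERSION define: cannot prove it is 2.x, treat as suspect
    if version < (2,):
        return "vulnerable"   # pre-2.0: the main flaw the answer refers to
    if version < MIN_SAFE:
        return "outdated"     # 2.0 .. 2.8.1: main flaw fixed, sanitising not yet tightened
    return "ok"               # 2.8.2 or above


def audit_tree(root):
    """Classify every timthumb.php (any filename casing) below root."""
    results = {}
    for path in Path(root).rglob("*.php"):
        if path.name.lower() == "timthumb.php":
            source = path.read_text(encoding="utf-8", errors="replace")
            results[str(path)] = classify(parse_version(source))
    return results


if __name__ == "__main__":
    for file, state in sorted(audit_tree(sys.argv[1]).items()):
        print(f"{state:10s} {file}")
```

Run it as `python audit_timthumb.py /path/to/wp-content/themes`; anything reported as `outdated` or `vulnerable` is a copy the theme vendor should be asked to update.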