
WP-Creativix
Potential THREAT: WP-Creativix "Free" Theme (6 posts)

  1. digitaldorkettedolls
    Member
    Posted 4 months ago #

    I got a note from Hostmonster today saying there was a problem with the WP-Creativix theme involving a timthumb.php file.

    I'm not sure if this is on purpose to exploit users, or if they just need to update (see more info below)

    I am a designer, not a developer, but they said...

    > We have found and corrected exploitable timthumb.php file(s) on your account...The timthumb.php file is a script commonly used in WordPress's (and other software's) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser hijacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a "Malicious Website" by Google or other security authorities.
    >
    > Any timthumb.php file below version 1.35, but above version 1.09 is considered vulnerable, unless patched. To prevent being compromised, we advise you update all instances of timthumb.php to version 2.0, or patch the existing vulnerable files. Note that patching the files requires more in-depth knowledge of the PHP scripting language.

    Just wanted people to know.
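To go with the host's note above, here is an added Python scanner (my own example, not code from this thread, the host, or the theme author) that walks a wp-content tree, finds every timthumb.php, and reports which copies fall in the version range the host calls vulnerable (above 1.09 and below 1.35). It assumes each copy declares its version with a `define('VERSION', ...)` line, which the 2.x releases do; a copy with no such line is reported as unknown for manual review rather than silently passed. The sample sources and the directory layout in `demo_scan()` are constructed for the example.

```python
"""Locate timthumb.php copies under a WordPress install and flag the version
range the host's note calls vulnerable (above 1.09, below 1.35).

Assumption (not stated on the page): each timthumb.php declares its version
with a line like  define ('VERSION', '2.8.10');  A copy without that line is
reported as 'unknown' so a human looks at it instead of it being passed.
"""
import tempfile
import re
from pathlib import Path

# Matches  define('VERSION', '1.20');  with optional spaces and either quote style.
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]\s*\)""",
    re.IGNORECASE,
)

VULN_LOW = (1, 9)    # host: "above version 1.09"
VULN_HIGH = (1, 35)  # host: "below version 1.35"

# Constructed sample sources (not real timthumb code) so the block runs offline.
SAMPLE_OLD = "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.20');\n"
SAMPLE_NEW = "<?php\ndefine ('VERSION', '2.8.10');\n"
SAMPLE_NOVER = "<?php\n// stripped copy with no version constant\n"


def version_tuple(version: str) -> tuple:
    """'1.09' -> (1, 9), '2.8.10' -> (2, 8, 10); tuples of ints compare correctly."""
    return tuple(int(part) for part in version.split("."))


def parse_version(source: str):
    """Return the VERSION string declared in a timthumb.php source, or None."""
    m = VERSION_RE.search(source)
    return m.group(1) if m else None


def is_vulnerable(version) -> bool:
    """True for versions strictly between 1.09 and 1.35 (the host's range)."""
    if version is None:
        return False  # unknown is reported separately by classify()
    return VULN_LOW < version_tuple(version) < VULN_HIGH


def classify(source: str) -> str:
    """'vulnerable', 'ok' or 'unknown' for one file's contents."""
    version = parse_version(source)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "ok"


def scan_tree(root) -> dict:
    """Walk root (e.g. wp-content/) and classify every timthumb.php found.
    Returns {relative_posix_path: (version_or_None, verdict)}."""
    root = Path(root)
    results = {}
    for path in root.rglob("timthumb.php"):
        source = path.read_text(errors="replace")
        key = path.relative_to(root).as_posix()
        results[key] = (parse_version(source), classify(source))
    return results


def demo_scan() -> dict:
    """Build a throwaway wp-content tree from the constructed samples and scan it.
    The paths are hypothetical, chosen only to mimic a theme and a plugin copy."""
    layout = {
        "themes/wp-creativix/script/timthumb.php": SAMPLE_OLD,
        "plugins/some-plugin/timthumb.php": SAMPLE_NEW,
        "themes/other-theme/timthumb.php": SAMPLE_NOVER,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, src in layout.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(src)
        return scan_tree(tmp)


if __name__ == "__main__":
    # Real use: python timthumb_scan.py  (with scan_tree("wp-content") in place of demo_scan())
    for rel, (version, verdict) in sorted(demo_scan().items()):
        print(f"{verdict:10} {version or '-':8} {rel}")
```

Run it against the real `wp-content` directory by replacing the `demo_scan()` call with `scan_tree("wp-content")`. Anything marked vulnerable should be overwritten with a current copy; anything marked unknown has had its version constant removed or was renamed and should be opened and compared by hand.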

  2. Jason Jensen
    Member
    Posted 4 months ago #

    They/you just need to update the timthumb script, I doubt this theme author is being malicious.

    This is a common issue that the bigger hosts will alert you to - oftentimes the host will also include an updated version of the script. You just then overwrite the old version of the script with the new one via FTP. I've had to do this a few times myself.

  3. digitaldorkettedolls
    Member
    Posted 4 months ago #

    I understand. HM did that for me, then I looked for others.

    I've had a few problems with my hard-drive lately, and they were after this was discovered. (Probably not connected at all, more likely related to my vector habit) but I wanted to mention it on the WP-Creativix theme page in the forum for anybody who was going to download it, so that they could fix that issue.

    I'm sure they are aware of that type of problem with timthumbs. Just maybe they didn't remember to do it.

    I meant only to be helpful.

  4. alchymyth
    The Sweeper & Moderator
    Posted 4 months ago #

    what version of the theme are you or were you using?

    the current version of WP-Creativix is 2.5 and it does not seem to contain a 'timthumb.php' file in its /script folder

    - simply consider upgrading to this latest version (unless you have made direct edits to your theme)

  5. digitaldorkettedolls
    Member
    Posted 4 months ago #

    I don't think I have the latest version. I apologize for your trouble. Please let me know where I can get the latest version and I will uninstall and reinstall.

    Thanks for your patience.

  6. WPyogi
    Volunteer Moderator
    Posted 4 months ago #

    The latest version is here:

    http://wordpress.org/themes/wp-creativix

    or via your Dashboard.
