Yoko
Theme uses outdated TimThumb (you will be hacked if you use it) (7 posts)

  1. Jason Paul
    Member
    Posted 2 years ago

    Just wanted to put a warning out there. My site was hacked because I'd been using the Yoko theme which hasn't been updated in a very long while. Long enough to still be using an outdated TimThumb plugin. For some reason I'd never checked if Yoko was using TimThumb or what version. Anyway, I noticed that my site was infected with the Pharma hack because of it and promptly had to clean things up.

    http://wordpress.org/extend/themes/yoko/

  2. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago

    Long enough to still be using an outdated TimThumb plugin

    I find that highly unlikely. Themes using TimThumb haven't been allowed in the Theme Repo for a long time. Certainly from before the security issues. I also downloaded a copy of the theme to check and, sure enough - no TimThumb script that I could find.

  3. Jason Paul
    Member
    Posted 2 years ago

    Ah, I just looked over the security report again and it turns out I misread and the bad TimThumb was in a plugin. Feel free to delete this thread.

  4. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago

    Can you recall where the plugin was downloaded from? If it was from WPORG, then it needs to be pulled.

  5. Jason Paul
    Member
    Posted 2 years ago

    I ended up deleting all unnecessary plugins, but this was the culprit as far as I can tell from the report (and I'm nearly positive it was kept up-to-date)

    /plugins/onswipe/framework/thumb/thumb.php

  6. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago

    This one perhaps: http://wordpress.org/extend/plugins/onswipe/
    It does contain TimThumb, so I'll alert the plugin folks just in case.

  7. It contains a patched version (version 1.2 or so was the vulnerable one). The latest version is 2.8.10, and the plugin has 2.8.5, so it's unlikely, but possible. Looking further into it.
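The check the thread ends on, done by script rather than by hand: walk a wp-content tree, find every bundled TimThumb copy whatever the file is called (the plugin above ships it as thumb.php), read the VERSION define from its header, and flag anything below 2.8.10, the version post 7 names as the latest. This is an added example, not code from the thread, the theme or the plugin; the sample tree it builds is constructed, and the header format it matches is the define ('VERSION', '...') line TimThumb uses.

```python
import os
import re
import tempfile

# TimThumb declares its version in the file header, e.g.:  define ('VERSION', '2.8.10');
VERSION_RE = re.compile(r'''define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]\s*\)''')
MIN_OK_VERSION = (2, 8, 10)   # the thread names 2.8.10 as the latest; anything older is flagged

def timthumb_version(path):
    """VERSION string of a TimThumb copy, 'unknown' if the header lacks one, None if not TimThumb."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            head = fh.read(4096)          # the header sits near the top of the file
    except OSError:
        return None
    if "timthumb" not in head.lower():
        return None
    m = VERSION_RE.search(head)
    return m.group(1) if m else "unknown"

def classify(ver):
    if ver == "unknown":
        return "unknown-version"
    return "outdated" if tuple(int(p) for p in ver.split(".")) < MIN_OK_VERSION else "ok"

def scan_wp_content(root):
    """Walk a wp-content tree; list every bundled TimThumb copy as (relative path, version, status)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ver = timthumb_version(path) if name.endswith(".php") else None
            if ver is not None:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, ver, classify(ver)))
    return sorted(findings)

def build_sample_tree():
    """Constructed wp-content tree: the outdated copy at the path from the thread, a current copy, a plain file."""
    root = tempfile.mkdtemp()
    samples = {
        "plugins/onswipe/framework/thumb/thumb.php": "<?php\n/* TimThumb image resizer */\ndefine ('VERSION', '2.8.5');\n",
        "themes/other/timthumb.php": "<?php\n/* TimThumb image resizer */\ndefine ('VERSION', '2.8.10');\n",
        "themes/yoko/functions.php": "<?php\n// ordinary theme file, no thumbnail script\n",
    }
    for rel, body in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root
```

Call scan_wp_content() on a real wp-content directory instead of build_sample_tree() to check an installation; the sample tree reports the onswipe copy as outdated and the 2.8.10 copy as ok.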

This topic has been closed to new replies.
