Just a heads up that this plugin includes an older version of TimThumb, which has a major security issue in it. If you use this plugin, you should download the latest version of TimThumb at http://timthumb.googlecode.com/svn/trunk/timthumb.php though it would be good of Woo to update this plugin. :-)
WooTumblog
[resolved] This plugin needs secured against TimThumb (7 posts)
-
Vince LaMonica
Posted 9 months ago # -
ryanr14
Posted 9 months ago #Hey Vince,
I do believe an update has or is being pushed out right now. :)
-
jeffikus
Posted 9 months ago #Correct - V2.0.6 has the latest version.
-
tuninghost
Posted 9 months ago #After the latest update the thumb.php script doesn't work anymore for me.
It generates the following error:
A TimThumb error has occuredThe following error(s) occured:
Could not open the lockfile for writing an image.Query String : src=wp-content/uploads/2011/08/toyota-supra-replica-super-gt-haotic-12.jpg&w=640px&h=&zc=1&q=90
TimThumb version : 2.8Nothing has changed except the upgrade to 2.0.6...
Thanks
-
nanske
Posted 7 months ago #Where do I need to place this? (I'm not a developer)
http://timthumb.googlecode.com/svn/trunk/timthumb.php -
Posted 6 months ago #TimThumb scanner states that the version that comes with the wootumblog plugin is 2.8 which is vulnerable. 2.8.2 is secure.
-
Posted 6 months ago #Hi there
I've just pushed a commit to the plugin to update to 2.8.2 - see http://plugins.trac.wordpress.org/log/woo-tumblog/
Thanks,
Jeff
Reply
You must log in to post.
