Advanced Recent Posts Widget
This plugin uses Timthumb, does not support custom taxonomies (2 posts)

1 star
  1. morolo
    Member
    Posted 11 months ago #

    Timthumb has a very serious exploit that can result in your website being owned and turned into a spam mirror. Please, please use something other than timthumb for image manipulation!

    See: http://www.exploit-db.com/wordpress-timthumb-exploitation/

    Also, this plugin does not support custom taxonomies which is curious since it supports custom post types.

  2. crdunst
    Member
    Posted 7 months ago #

    Hi, I'm not the author, but I have this plugin running on a site, and your comment prompted me to look into this. It seems the version of timthumb in this plugin is indeed safe.

    There was a vulnerability that was fixed around version 2.8.2 - this plugin is using timthumb version 2.8.10. A third-party scan for vulnerabilities confirmed this version in this plugin is safe.

    I appreciate you flagging it up with the best intentions, but perhaps you should have confirmed whether this is indeed a safe plugin before posting your comment :)
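
An added example, not part of either post and not the plugin's or TimThumb's own code: a shell check in the spirit of the second reply, listing every TimThumb copy under a directory with the version it declares. It assumes the script declares its version as `define ('VERSION', '...')`; the 2.8.2 threshold is the figure quoted in the reply, and the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: report bundled TimThumb copies and their declared version.
# Assumption: the file declares its version as  define ('VERSION', 'x.y.z');

# Print the version declared in one PHP file (nothing if there is none).
timthumb_version() {
    sed -n "s/^[[:space:]]*define[[:space:]]*([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]\([0-9][0-9.]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Succeed when version $1 is lower than version $2 (numeric, field by field).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# Scan DIR and print STATUS<TAB>VERSION<TAB>PATH for every TimThumb copy;
# STATUS is OLD when the version is below MIN, otherwise OK.
scan_timthumb() {
    dir=$1; min=$2
    # Match on file content, not file name, so a renamed copy is still found.
    grep -rlIi --include='*.php' 'timthumb' "$dir" 2>/dev/null |
    while IFS= read -r f; do
        v=$(timthumb_version "$f")
        [ -n "$v" ] || continue          # mentions TimThumb but is not the script
        if version_lt "$v" "$min"; then s=OLD; else s=OK; fi
        printf '%s\t%s\t%s\n' "$s" "$v" "$f"
    done
}

# Constructed sample tree (not real plugin files) used when no path is given.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/plugin-a" "$d/plugin-b"
    printf "<?php\n// TimThumb\ndefine ('VERSION', '2.8.10');\n" > "$d/plugin-a/timthumb.php"
    printf "<?php\n// timthumb\ndefine ('VERSION', '1.19');\n" > "$d/plugin-b/thumb.php"
    scan_timthumb "$d" 2.8.2
    rm -rf "$d"
}

# Usage: sh check-timthumb.sh [wp-content-dir [min-version]]
if [ $# -ge 1 ]; then scan_timthumb "$1" "${2:-2.8.2}"; else demo; fi
```

The comparison is numeric per field, so 2.8.10 sorts above 2.8.2 rather than below it as a plain string comparison would.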
