• Hey guys.

    At the Secunia website I saw an advisory about “WordPress Popular Posts Plugin “src” Arbitrary File Upload” (http://secunia.com/advisories/46216/) in version 2.1.4. I believe the problem is usage of an outdated “Timthumb.php” script. In my installation of the “WordPress Popular Posts” plugin (version 2.1.4), the “Timthumb.php” script version is 1.09, which should not be vulnerable (based on a few web pages explaining the Timthumb.php vulnerability). Since there is not much information about it, I was wondering if the vulnerability really exists or not. At least, I could not upload a remote image.

    Can you help me figure this out?

Viewing 1 replies (of 1 total)
  • The plugin page itself says:

    Due to critical security issues, WordPress Popular Posts v.2.1.5 has dropped support for TimThumb. Please upgrade as soon as possible since your site may be under risk of being exploited.

    So it seems best to upgrade…

  • The topic ‘Is WordPress Popular Posts 2.1.4 really vulnerable?’ is closed to new replies.