Support » Requests and Feedback » [Resolved] new 0-day?

[Resolved] new 0-day?

Viewing 7 replies - 1 through 7 (of 7 total)
  • esmi


    Forum Moderator

    It relates to the use of Timthumb in certain themes & plugins. WordPress itself has never used Timthumb.

    Ahh ok well thanks for the answer… Just started my first site using WP and wasn’t sure.

    I’ll have a look through the limited plugins/themes I’m using now to make sure they’re not using Timthumb but I’m pretty sure I’m not.

    Thanks again!



    Forum Moderator

    Any themes uploaded to, or updated on, http://wordpress.org/extend/themes/ within the past 12 months should be fine.

    @esmi This exploit has nothing at all to do with timthumb, did you even bother to read it?

    Its is in wp-comments-post.php using something like value=”-1337′ UNION SELECT (0,@@VERSION)–” id=’comment_post_ID’

    Line 20 of wp-comments-post.php of version 3.2.1 is
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;

    $var = "-1337' UNION SELECT (0,@@VERSION)--";
    echo $var;
    echo "<br/>";
    $var = (int) $var;
    echo $var;


    -1337' UNION SELECT (0,@@VERSION)--

    When casting a String to an Int in php it will only cast the string up until it finds an invalid character.

    So all in all, this should have zero effect on the latest version.

    And 3.0.4 of wp-comments-post.php, since the code is the same, I believe this was changed in 2.8, so in essence this is bunk.

    Moderator Samuel Wood (Otto)


    WordPress.org Tech Dude

    FWIW, this particular vulnerability on comment_post_ID was patched 8 years ago. A bit earlier than version 3.0.4. 😉


    In other words, this is crap.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘[Resolved] new 0-day?’ is closed to new replies.