WordPress.org

Forums

Timthumb Vulnerability Scanner
Found Vulnerability in plugin directory (5 posts)

  1. rwilki
    Member
    Posted 3 years ago #

    I thought this was interesting. It found a vulnerability in this file "cg-tvs-filescanner.php" which only exists because of this plugin. I deactivated the plugin and removed it. I guess it's not for this website...

    http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/

  2. Peter Butler
    Member
    Plugin Author

    Posted 3 years ago #

    Sounds like a bug - the scanner file WILL match itself (and therefore flag as vulnerable), but it should be set to skip over scanning that file. I'll try to take a closer look at what could have caused the issue you saw. If you've got any info you can share, I'd love to hear it. Thanks!

  3. dmx09
    Member
    Posted 3 years ago #

    I have the same issue, it correctly updated instances of timthumb but does pick out vulnerabilities in these 2 files.

    cg-tvs-filescanner.php
    class-cg-tvs-filescanner.php

    This would be fine but it also keeps reminding me in a red dialog box. Did you ever manage to find out why this might happen?

    Thanks for a very useful plugin btw!

  4. Peter Butler
    Member
    Plugin Author

    Posted 3 years ago #

    DMX, I at least verified that this happens on Windows installations, but I've updated the plugin to handle those properly - should be working now.

    Thanks!

  5. dmx09
    Member
    Posted 3 years ago #

    Works perfectly now, many thanks for addressing that so quickly!

Topic Closed

This topic has been closed to new replies.
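
An added example, not part of the original thread and not the plugin's own code (it is in Python, not PHP): a minimal signature scanner showing why a scanner reports its own pattern file and how comparing canonical paths keeps the self-exclusion working. The marker string, directory layout and sample Windows paths are constructed, and the separator/case mismatch is an assumed cause, since the thread does not say what failed on Windows.

```python
import ntpath
import os
import tempfile

# Constructed marker: stands in for whatever pattern a real scanner searches for.
SIGNATURE = b"EXAMPLE_THUMB_MARKER"

def same_path_naive(a, b):
    """Raw string comparison: breaks when separators or letter case differ."""
    return a == b

def same_path_windows(a, b):
    """Compare Windows-style path strings after normalising separators and case."""
    return ntpath.normcase(ntpath.normpath(a)) == ntpath.normcase(ntpath.normpath(b))

def scan(root, skip_paths=()):
    """Return files under root containing SIGNATURE, minus the scanner's own files."""
    skip = {os.path.realpath(p) for p in skip_paths}  # canonical form, not raw strings
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.realpath(full) in skip:
                continue  # the scanner's own signature file: never report it
            with open(full, "rb") as fh:
                if SIGNATURE in fh.read():
                    hits.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(hits)

def demo():
    """Build a constructed site tree and scan it without and with self-exclusion."""
    with tempfile.TemporaryDirectory() as root:
        plugin = os.path.join(root, "plugins", "scanner")
        theme = os.path.join(root, "themes", "demo")
        os.makedirs(plugin)
        os.makedirs(theme)
        own = os.path.join(plugin, "cg-tvs-filescanner.php")
        for path, body in ((own, b"<?php // pattern: " + SIGNATURE),
                           (os.path.join(theme, "thumb.php"), b"<?php // " + SIGNATURE),
                           (os.path.join(theme, "index.php"), b"<?php echo 'clean';")):
            with open(path, "wb") as fh:
                fh.write(body)
        # Same file, different spelling: realpath() resolves the ".." segment.
        own_alt = os.path.join(plugin, "..", "scanner", "cg-tvs-filescanner.php")
        return scan(root), scan(root, [own_alt])

if __name__ == "__main__":
    print(demo())
```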
