[Plugin: Timthumb Vulnerability Scanner] Found Vulnerability in plugin directory | WordPress.org

rwilki
(@rwilki)

12 years, 6 months ago

I thought this was interesting. It found a vulnerability in this file “cg-tvs-filescanner.php” which only exists because of this plugin. I deactivated the plugin and removed it. I guess it’s not for this website…

http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author Peter Butler
(@peterebutler)

12 years, 6 months ago

Sounds like a bug – the scanner file WILL match itself (and therefore flag as vulnerable), but it should be set to skip over scanning that file. I’ll try to take a closer look at what could have caused the issue you saw. If you’ve got any info you can share, I’d love to hear it. THanks!

dmx09
(@dmx09)

12 years, 1 month ago

I have the same issue, it correctly updated instances of timthumb but does pick out vulnerabilities in these 2 files.

cg-tvs-filescanner.php
class-cg-tvs-filescanner.php

This would be fine but it also keeps reminding me in a red dialog box.. Did you ever manage to find out why this might happen?

Thanks for a very useful plugin btw!

Plugin Author Peter Butler
(@peterebutler)

12 years ago

DMX, I at least verified that this happens on Windows installations, but I’ve updated the plugin to handle those properly – should be working now.

Thanks!

dmx09
(@dmx09)

12 years ago

Works perfectly now, many thanks for addressing that so quickly!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘[Plugin: Timthumb Vulnerability Scanner] Found Vulnerability in plugin directory’ is closed to new replies.

In: Plugins
4 replies
3 participants
Last reply from: dmx09
Last activity: 12 years ago
Status: not resolved