I got a note from Hostmonster today saying there was a problem with WP-Creativix theme involving a timthumb.php file.
I’m not sure if this is on purpose to exploit users, or if they just need to update (see more info below)
I am a designer, not a developer, but they said…
We have found and corrected exploitable timthumb.php file(s) on your account…The timthumb.php file is a script commonly used in WordPress’s (and other software’s) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser high-jacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a “Malicious Website” by Google or other security authorities.
> Any timthumb.php file below version 1.35, but above version 1.09 is considered vulnerable, unless patched. To prevent being compromised, we advise you update all instances of timthumb.php to version 2.0, or patch the existing vulnerable files. Note that patching the files requires more in-depth knowledge of the PHP scripting language.”
Just wanted people to know.
- The topic ‘Potential THREAT: WP-Creativix "Free" Theme’ is closed to new replies.