Security Issue : timthumb.php (2 posts)

  1. ltoinel
    Posted 2 years ago #

    Hi, I don't use WordPress; however, I received some attacks aimed at the Suffusion theme:


    The attacker seems to use a fake host to inject malicious PHP code.

    Cheers!

  2. Sayontan Sinha
    Theme Author

    Posted 2 years ago #

    Suffusion doesn't have TimThumb. You can verify the source code from the official WP repository: http://themes.svn.wordpress.org/suffusion/4.4.4/. The last version of Suffusion to have TimThumb was 3.7.1, which was almost 2 years back. In fact I took TimThumb out of Suffusion 6 months before the TimThumb vulnerability was discovered.

    Attackers try thousands of random strings in the hopes of injecting malicious code, but rest assured that TimThumb is not a part of the Suffusion code. Moreover, every theme distributed through http://wordpress.org/extend/themes/ goes through a review, and TimThumb is not allowed in your code. So there is no theme on this site that has TimThumb in it.

Topic Closed

This topic has been closed to new replies.
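
A log-triage sketch for the probes discussed in this thread, added here as an example and not posted by either participant. It flags requests to a thumbnail script whose `src` host is not an exact allowlisted domain or a true subdomain of one, and keeps the HTTP status so that probes against a file that is not installed (404) can be told apart from hits on a file that exists. The allowlist, the log lines and the "fake host" shape (a name that embeds a trusted domain) are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist: hosts this site legitimately loads remote images from.
ALLOWED = {"flickr.com", "wordpress.com"}

# Constructed sample lines in common log format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /wp-content/themes/suffusion/timthumb.php?src=http://flickr.com.probe.example/a.php HTTP/1.1" 404 512
198.51.100.4 - - [10/Oct/2013:13:56:01 +0000] "GET /wp-content/themes/other/thumb.php?src=http://farm1.flickr.com/p.jpg HTTP/1.1" 200 4096
198.51.100.9 - - [10/Oct/2013:13:57:12 +0000] "GET /index.php?p=12 HTTP/1.1" 200 9001
203.0.113.7 - - [10/Oct/2013:13:58:40 +0000] "GET /wp-content/themes/suffusion/timthumb.php?src=/images/logo.png HTTP/1.1" 404 512
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
SCRIPT = re.compile(r"/(?:tim)?thumb\.php$", re.I)

def host_allowed(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Suffix match on a label boundary; a plain substring test would
    # accept names that merely contain a trusted domain.
    return any(host == d or host.endswith("." + d) for d in ALLOWED)

def triage(log_text):
    """Return (client_ip, status, src_host, verdict) per thumbnail-script request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not SCRIPT.search(url.path):
            continue  # not a thumbnail-script request
        src = parse_qs(url.query).get("src", [""])[0]
        host = urlsplit(src).hostname  # None for a relative (local) path
        if host is None:
            verdict = "local-src"
        elif host_allowed(host):
            verdict = "allowed-remote"
        else:
            verdict = "suspicious-remote"
        # A 404 means the script is absent; any other status deserves a closer look.
        findings.append((ip, int(status), host, verdict))
    return findings
```
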
