WordPress.org

Forums

BJ Lazy Load
[resolved] Security Warning From Vaultpress - timthumb (4 posts)

  1. stemie
    Member
    Posted 1 year ago #

    I just got a security warning from Vaultpress regarding BJ lazy load plugin and the timthumb script. The plugin is the most up to date version.

    Is this a problem other people are having?

    Should I remove the plugin?

    Vaultpress claims the threat has been fixed.

    https://wordpress.org/plugins/bj-lazy-load/

  2. Bjørn Johansen
    Member
    Plugin Author

    Posted 1 year ago #

    There was a TimThumb exploit announced today, but it requires WebShot to be enabled and it is disabled both by default and also in BJ Lazy Load.

    You are perfectly safe.

    BTW: I am working on a release where TimThumb is removed completely. It will probably be released in August or September.

  3. stemie
    Member
    Posted 10 months ago #

    I've got the same warning today after updating your plugin to the most recent version.

    Is it still safe?

    I like your plugin, I'm just paranoid about getting hacked. I run backups but it's still a pain if this goes wrong.

    Hopefully TimThumb will be removed altogether :)

  4. Bjørn Johansen
    Member
    Plugin Author

    Posted 10 months ago #

    It is still safe, but unfortunately I haven't had the time to rewrite the parts to remove TimThumb yet.

    If you're paranoid, do not enable either HiDPI images or responsive images, and delete timthumb.php from the plugin folder. Lazy loading will still work fine.

Topic Closed

This topic has been closed to new replies.
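
A defender-side check for the condition discussed in this thread, added here as an example and not part of the thread or the plugin's own code: it finds copies of timthumb.php under a directory and reports whether WebShot is switched on. It assumes WebShot is controlled by TimThumb's `WEBSHOT_ENABLED` constant and that an optional `timthumb-config.php` beside the script overrides the script's default; the sample tree and the `plugin-a`, `plugin-b` and `plugin-c` names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: WebShot is governed by TimThumb's WEBSHOT_ENABLED constant.
DEFINE_RE = re.compile(r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*([^)]+?)\s*\)""")
STATUS = {True: "webshot-enabled", False: "webshot-disabled", None: "webshot-unknown"}

def webshot_setting(php_file):
    """First active WEBSHOT_ENABLED define in the file: True, False, or None if absent."""
    for line in php_file.read_text(errors="replace").splitlines():
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):  # skip commented-out defines
            continue
        if match := DEFINE_RE.search(code):
            return match.group(1).strip("'\" ").lower() in ("true", "1")
    return None

def audit(root):
    """Return [(relative path, status)] for every timthumb.php below root."""
    root, findings = Path(root), []
    scripts = (p for p in root.rglob("*.php") if p.name.lower() == "timthumb.php")
    for script in sorted(scripts):
        # An optional timthumb-config.php beside the script is read first, so it wins.
        config = script.with_name("timthumb-config.php")
        setting = webshot_setting(config) if config.is_file() else None
        if setting is None:
            setting = webshot_setting(script)
        findings.append((script.relative_to(root).as_posix(), STATUS[setting]))
    return findings

def build_sample_tree(root):
    """Constructed sample files (not real plugin code) for an offline run."""
    default = "<?php\nif(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false);\n"
    files = {
        "plugin-a/timthumb.php": default,
        "plugin-b/timthumb.php": default,
        "plugin-b/timthumb-config.php": "<?php\ndefine('WEBSHOT_ENABLED', true);\n",
        "plugin-c/inc/TimThumb.php": "<?php\n// define('WEBSHOT_ENABLED', true);\n",
    }
    for name, body in files.items():
        path = Path(root, name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, status in audit(tmp):
            print(f"{status:18} {path}")
```

To check a real site, call `audit()` on the `wp-content` directory; any `webshot-enabled` or `webshot-unknown` result is a copy to review or delete.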
