Support » Plugin: BJ Lazy Load » Security Warning From Vaultpress – timthumb

  • Resolved stemie


    I just got a security warning from Vaultpress regarding BJ lazy load plugin and the timthumb script. The plugin is the most up to date version.

    Is this a problem other people are having?

    Should I remove the plugin?

    Vaultpress claims the threat has been fixed.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Bjørn Johansen


    There was a TimThumb exploit announced today, but it requires WebShot to be enabled and it is disabled both by default and also in BJ Lazy Load.

    You are perfectly safe.

    BTW: I am working on a release where TimThumb is removed completely. It will probably be released in August or September.

    I’ve got the same warning today after updating your plugin to the most recent version.

    Is it still safe?

    I like your plugin I’m just paranoid about getting hacked. I run backups but it’s still a pain if this go wrong.

    Hopefully Timthumb will be removed all together 🙂

    Plugin Author Bjørn Johansen


    It still safe, but unfortunately I haven’t had the time to rewrite the parts to remove TimThumb yet.

    If you’re paranoid, do not enable neither HiDPI images nor responsive images, and delete timthumb.php from the plugin folder. Lazy loading will still work fine.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security Warning From Vaultpress – timthumb’ is closed to new replies.