Support » Plugin: BJ Lazy Load » Security Warning From Vaultpress – timthumb

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Bjørn Johansen

    (@bjornjohansen)

    There was a TimThumb exploit announced today, but it requires WebShot to be enabled and it is disabled both by default and also in BJ Lazy Load.

    You are perfectly safe.

    BTW: I am working on a release where TimThumb is removed completely. It will probably be released in August or September.

    I’ve got the same warning today after updating your plugin to the most recent version.

    Is it still safe?

    I like your plugin I’m just paranoid about getting hacked. I run backups but it’s still a pain if this go wrong.

    Hopefully Timthumb will be removed all together 🙂

    Plugin Author Bjørn Johansen

    (@bjornjohansen)

    It still safe, but unfortunately I haven’t had the time to rewrite the parts to remove TimThumb yet.

    If you’re paranoid, do not enable neither HiDPI images nor responsive images, and delete timthumb.php from the plugin folder. Lazy loading will still work fine.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security Warning From Vaultpress – timthumb’ is closed to new replies.