Advanced Recent Posts Widget
This plugin uses Timthumb, does not support custom taxonomies (2 posts)

  1. morolo
    Posted 3 years ago

    Timthumb has a very serious exploit that can result in your website being owned and turned into a spam mirror. Please, please use something other than timthumb for image manipulation!

    See: http://www.exploit-db.com/wordpress-timthumb-exploitation/

    Also, this plugin does not support custom taxonomies which is curious since it supports custom post types.

  2. crdunst
    Posted 2 years ago

    Hi, I'm not the author, but I have this plugin running on a site, and your comment prompted me to look into this. It seems the version of timthumb in this plugin is indeed safe.

    There was a vulnerability that was fixed around version 2.8.2 - this plugin is using timthumb version 2.8.10. A third-party scan for vulnerabilities confirmed this version in this plugin is safe.

    I appreciate you flagging it up with the best intentions, but perhaps you should have confirmed whether this is indeed a safe plugin before posting your comment :)

Topic Closed

This topic has been closed to new replies.
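
The version check described in the second post can be run over a whole install instead of one plugin; this is an added example, not code from the plugin or from either poster. It assumes TimThumb declares its version as `define ('VERSION', '…');`, takes the thread's "around 2.8.2" as the minimum, and compares versions numerically because "2.8.10" sorts before "2.8.2" as a string. All function names and sample files are constructed for the example.

```python
import os
import re
import tempfile

# Assumed format of the version constant in timthumb.php, e.g.
#   define ('VERSION', '2.8.10');
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]""")

def parse_version(text):
    """'2.8.10' -> (2, 8, 10), so that 2.8.10 sorts after 2.8.2."""
    return tuple(int(p) for p in text.split(".") if p)

def extract_version(source):
    """Return the version string from PHP source, or None if it is not TimThumb."""
    if "timthumb" not in source.lower():
        return None
    m = VERSION_RE.search(source)
    return m.group(1) if m else None

def audit(root, minimum="2.8.2"):
    """Return (path, version, ok) per TimThumb copy; matched on content, not file name."""
    floor = parse_version(minimum)  # minimum is the thread's figure, an assumption
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = extract_version(fh.read(65536))
            if version:
                findings.append((path, version, parse_version(version) >= floor))
    return findings

def demo():
    """Build a constructed plugin tree (one renamed copy) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"plugin-a/timthumb.php": "2.8.10", "plugin-b/thumb.php": "1.19"}
        for rel, ver in samples.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("<?php\n/* TimThumb (constructed sample) */\ndefine ('VERSION', '%s');\n" % ver)
        return sorted((os.path.relpath(p, root).replace(os.sep, "/"), v, ok) for p, v, ok in audit(root))

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Point `audit()` at `wp-content` to list every bundled copy, including renamed ones, with its version and whether it meets the chosen minimum.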
