WordPress.org

Timthumb vulnerability

  • I discovered yesterday that my site had been compromised and identified that the hack exploited to do this was the Timthumb vulnerability. I had version 1.1.8 of the TheThe Image Slider but the version of Timthumb used within this was 2.8, not one of the later ‘fixed’ versions.

    I’ve now resolved this and I see that the version of timthumb in the current download of Image Slider is 2.8.10. Did you fix this without changing the version number of Image Slider, and therefore triggering a plugin update?

    I suggest that anyone else using TheThe Image Slider checks the version of timthumb.php in their TheThe-Image-Slider plugin directory to check they have version 2.8.2 upwards. There is a plugin to check all your plugins called Timthumb Vulnerability Scanner. This can also be used to fix any problems.

    http://wordpress.org/extend/plugins/thethe-image-slider/
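The version check suggested in the post above can be run across a whole plugin or theme tree. This is an added example, not part of the original post or of any plugin's code; it assumes each copy declares its version in a `define ('VERSION', '...')` line, takes the 2.8.2 threshold from the post, and uses a constructed sample tree with made-up directory names.

```python
import re
import tempfile
from pathlib import Path

# Threshold taken from the post above: version 2.8.2 upwards.
MIN_SAFE = (2, 8, 2)
# Assumption: the script declares its version as define ('VERSION', 'x.y.z');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9.]+)['\"]")

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split(".") if part)

def scan(root):
    """Return (relative path, version, ok) for every timthumb.php under root."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower() == "timthumb.php":
            version = parse_version(path.read_text(errors="replace"))
            # A copy with no readable version is flagged for manual review.
            ok = version is not None and version >= MIN_SAFE
            results.append((path.relative_to(root).as_posix(), version, ok))
    return results

def demo():
    """Scan a constructed sample tree (not real plugin files)."""
    samples = {
        "old-slider/timthumb.php": "<?php\ndefine ('VERSION', '2.8');\n",
        "new-slider/timthumb.php": "<?php\ndefine ('VERSION', '2.8.10');\n",
        "theme/lib/TimThumb.php": "<?php // version line missing\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True)
            target.write_text(body)
        return scan(tmp)

if __name__ == "__main__":
    for rel, version, ok in demo():
        label = ".".join(map(str, version)) if version else "unknown"
        print(f"{'OK     ' if ok else 'REVIEW '} {label:10} {rel}")
```

Versions are compared as integer tuples, so 2.8.10 sorts above 2.8.2, which a plain string comparison would get wrong. To check a real site, call `scan()` on the `wp-content` directory.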
