I discovered yesterday that my site had been compromised and identified that the hack exploited to do this was the Timthumb vulnerability. I had version 1.1.8 of the TheThe Image Slider but the version of Timthumb used within this was 2.8, not one of the later ‘fixed’ versions.
I’ve now resolved this and I see that the version of timthumb in the current download of Image Slider is 2.8.10. Did you fix this without changing the version number of Image Slider, and therefore triggering a plugin update?
I suggest that anyone else using TheThe Image Slider checks the version of timthumb.php in their TheThe-Image-Slider plugin directory to check they have version 2.8.2 upwards. There is a plugin to check all your plugins called Timthumb Vulnerability Scanner. This can also be used to fix any problems.
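The version check suggested in the post above can be scripted across a whole plugins directory. The following is an added example, not code from the post, the plugin or the scanner it mentions. It assumes timthumb.php declares its version on a `define ('VERSION', '…');` line, takes 2.8.2 as the minimum from the post, and runs against a constructed sample tree.

```python
import os
import re
import tempfile

# Assumption: timthumb.php declares its version as define ('VERSION', 'x.y.z');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9][0-9.]*)['\"]")
MIN_SAFE = (2, 8, 2)  # minimum version named in the post above


def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None


def scan(root):
    """Walk root; return sorted [(path, version, ok)] for every timthumb.php."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "timthumb.php":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read(65536))
            # An unreadable version fails the check so it gets reviewed by hand.
            ok = version is not None and version >= MIN_SAFE
            results.append((path, version, ok))
    return sorted(results)


def demo():
    """Scan a constructed plugin tree; return {plugin_dir: (version, ok)}."""
    samples = {"old-plugin": "2.8", "new-plugin": "2.8.10", "odd-plugin": None}
    with tempfile.TemporaryDirectory() as root:
        for plugin, ver in samples.items():
            os.makedirs(os.path.join(root, plugin))
            line = f"define ('VERSION', '{ver}');" if ver else "// no version line"
            with open(os.path.join(root, plugin, "timthumb.php"), "w") as fh:
                fh.write("<?php\n" + line + "\n")
        return {os.path.basename(os.path.dirname(p)): (v, ok) for p, v, ok in scan(root)}


if __name__ == "__main__":
    for plugin, (version, ok) in demo().items():
        print("OK   " if ok else "CHECK", plugin, version)
```

To check a real install, call `scan()` on the site's plugins directory instead of the sample tree; every entry with `ok` set to `False` needs its timthumb.php replaced or removed.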