vSlider Multi Image Slider for WordPress
[resolved] Warnning Vslider Zero Day Vulnerability [4.1.1 / timtumb 2.7] (4 posts)

  1. Mike Castro Demaria
    Posted 2 years ago #


    WARNING : upgrade timthumb version of the plugin !

    On of my server crashed, due to timthumb 2.7 security hole ! Read

    I hoe this help,


  2. Mike Castro Demaria
    Posted 2 years ago #

    For the fun a short display of what you will have on your server if you are attacked :

    -rw------- 1 www-data www-data 56094 2013-02-06 13:56 timthumb_tmpimg_KKdENu
    -rw------- 1 www-data www-data 34584 2013-02-06 13:47 timthumb_tmpimg_kKelKl
    -rw------- 1 www-data www-data 53351 2013-02-06 13:41 timthumb_tmpimg_KkFPkY
    -rw------- 1 www-data www-data 53075 2013-02-06 13:41 timthumb_tmpimg_kkGIuc
    -rw------- 1 www-data www-data 46273 2013-02-06 13:34 timthumb_tmpimg_KKi8dN
    -rw------- 1 www-data www-data 46438 2013-02-06 14:23 timthumb_tmpimg_KkIobp
    -rw------- 1 www-data www-data 50088 2013-02-06 13:46 timthumb_tmpimg_Kkm3A4
    -rw------- 1 www-data www-data 50088 2013-02-06 12:42 timthumb_tmpimg_Kkm7b4

    Server crash due to 100% HD empty. And /tmp is cleaned on, reboot, but refill on eaxh request ....

  3. Mr. Vibe
    Plugin Author

    Posted 2 years ago #

    Please Upgrade to latest version 5.0.0.

    In case you have any issues, please post then here: http://vibethemes.com/forums/forumdisplay.php?30-vSlider

    Note: We've removed Timthumb.php and migrated to responsive Flexslider 2.0.
    If your slider was created out of Posts, do not panic. Try out the new vSlider Slide Generator, you'll get back your slides in matter of seconds.

  4. Mike Castro Demaria
    Posted 2 years ago #

    Hi Mr Vibe,

    Thanks you for the upgrade. I recently have lots of security trouble with WP 3.5 and a couple of plugin.

    I think it's a good idea to not use Timthumb.php who use temp file in excessand can filly our server of rubish t'ill go down.

    I have to report many attack technics to WP 3.5. It seem, there is an open hole if you allow writing from web server simply.


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • vSlider Multi Image Slider for WordPress
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic