URGENT: Security Vulnerability in Timthumb
September 6, 2011 at 4:49 pm
Recently, I was made aware of a security vulnerability in the TimThumb image resizing PHP script, which is used in Pengbos.com WordPress themes for dynamic image resizing, including the most popular ones, Aurelius and Corporattica. It is also widely used in other WordPress themes and plugins.
This security vulnerability may expose the WordPress site to attack, so it is urgent to fix this issue.
The good news is that the author of TimThumb and the author of WordThumb have worked together to release TimThumb v2, which fixes these security issues.
All WordPress themes from Pengbos.com are now patched with the latest TimThumb v2. You can download any of them and reinstall the theme to fix this issue.
You can also replace timthumb.php manually, as described below.
1. Download the latest TimThumb script from http://timthumb.googlecode.com/svn/trunk/timthumb.php
2. Replace the timthumb.php in the scripts folder in the theme location with the latest version.
That’s it.
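An added example (not part of the original post or of TimThumb itself): a Python audit that finds every timthumb.php copy under a WordPress content directory and flags the ones that still need the replacement from step 2. It assumes the script declares its version in a `define('VERSION', ...)` line; the directory names and version numbers in the sample tree are constructed.

```python
import os
import re
import tempfile

# Assumption: timthumb.php declares its version as define('VERSION', 'x.y');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]""")

def read_version(path):
    """Return the declared version string, or None if no version line is found."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        match = VERSION_RE.search(fh.read())
    return match.group(1) if match else None

def audit(root):
    """Walk root; return sorted (relative_path, version, needs_replacing) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "timthumb.php":
                continue
            full = os.path.join(dirpath, name)
            version = read_version(full)
            # Anything older than v2, or with no readable version, gets replaced.
            outdated = version is None or int(version.split(".")[0]) < 2
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings.append((rel, version, outdated))
    return sorted(findings)

def demo():
    """Build a constructed wp-content tree in a temp directory and audit it."""
    samples = {  # constructed sample files, not real TimThumb source
        "themes/old-theme/scripts/timthumb.php": "<?php define ('VERSION', '1.28');",
        "themes/new-theme/scripts/timthumb.php": "<?php define ('VERSION', '2.8');",
        "plugins/gallery/timthumb.php": "<?php // version line stripped",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit(root)

if __name__ == "__main__":
    for rel, version, outdated in demo():
        print(f"{'REPLACE' if outdated else 'ok':8} {version or 'unknown':8} {rel}")
```

To check a real site, call `audit()` on the wp-content directory; copies bundled inside plugins are reported as well as those in theme scripts folders.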
Please upgrade TimThumb as soon as possible!
If you have any more questions, please don’t hesitate to send me an email. I will try my best to help.

