Hosting & Domains News

TimThumb security issue with WordPress

We’re seeing a fair bit of chatter this morning about a security exploit in TimThumb so if you run a WordPress blog and are using a third party theme that resizes images chances are good that it has TimThumb included in it. (TimThumb doesn’t come with WordPress by default)

For more info about the exploit and how to fix it head on over to
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

UPDATE 1210 – the lead developer of TimThumb has updated the code to fix the issue so you can download the latest version from here

UPDATE 6th August

A couple of things to note.
If you have *any* WordPress themes installed that use TimThumb you should either delete / remove them entirely or update TimThumb to the latest version.

The latest version of TimThumb which was released in the last 24 hours is a significant rewrite of the code and so even if you updated earlier this week you should update again.

Exit mobile version