TimThumb.php Vulnerability Not Only Affecting Themes – Plugins too

The Timthumb.php vulnerability is being used in the wild to hack and infect thousands of WordPress sites.

Hopefully everyone is checking their themes and updating the script to make sure it is not vulnerable. This is wishful thinking.

Unfortunately, the issue is not limited to themes alone. Some plugins bundle the TimThumb.php script, and you need to check and update those as well (if you are not sure how, check out this post; we’ve included a script to automate it for you).

A bit more about the plugins: we just found a hacked site with the vslider plugin installed. This plugin bundles the vulnerable timthumb.php script, which was used to gain access and compromise the site.

The plugin in question had almost 30,000 downloads and had not been updated for a while, leaving its users vulnerable to this issue.

Update: The vslider plugin was updated just 24 hours ago and it appears they have fixed this problem.

Minimize Your Risk

Here are a few things that if put into practice will help you minimize the risk of getting exploited:

  1. Keep your themes and plugins updated. Outdated software is the #1 cause of malware infections and hacks, independent of platform!
  2. Only download from reputable sources (WordPress.org).
  3. Only use plugins and themes that are actively developed and have good, trusted reviews. Do your homework.
  4. Keep an eye on WordPress security news for reported issues with the plugins or themes you are using.
  5. Don’t just disable software you’re not actively using; remove it. Just because it’s not active doesn’t mean it’s not vulnerable.
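Step 5 and the earlier advice to check plugins as well as themes both come down to knowing every copy of TimThumb that lives under your WordPress install, active or not. The following inventory script is an added example, not the post's own script: it walks a directory tree, picks out files named timthumb.php or thumb.php (the WooThemes naming mentioned in the comments), reads the VERSION define each copy declares, and flags any copy that is older than a minimum you supply or that declares no version at all. The sample tree it builds, the `(2, 0)` threshold in the demo call, and the `MIN_SAFE_VERSION` name are all constructed for illustration; the post gives no version numbers, so set the threshold to whatever your TimThumb maintainer declares fixed.

```python
#!/usr/bin/env python3
"""Inventory TimThumb copies under a WordPress tree.

Added example, not the post's or Sucuri's script. Finds timthumb.php and
thumb.php files, extracts their VERSION define, and reports copies that are
older than a caller-supplied minimum (or that carry no version at all).
"""
import os
import re
import tempfile

# Filenames TimThumb ships under; "thumb.php" is the WooThemes variant.
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}

# TimThumb declares its version as a PHP define, e.g.  define ('VERSION', '2.8.10');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]\s*\)"""
)

# Illustrative placeholder only: the post states no version numbers.
MIN_SAFE_VERSION = (2, 0)


def parse_version(php_source):
    """Return the declared VERSION as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(php_source)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def scan_tree(root):
    """Return sorted (path, version_or_None) pairs for every candidate file."""
    found = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.lower() not in TIMTHUMB_NAMES:
                continue
            path = os.path.join(dirpath, name)
            # Read only the head of the file; the define sits near the top.
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                found.append((path, parse_version(fh.read(200_000))))
    return sorted(found)


def outdated(root, minimum):
    """Paths whose version is below `minimum` or could not be determined."""
    return [path for path, ver in scan_tree(root) if ver is None or ver < minimum]


def build_sample_tree():
    """Constructed sample wp-content with three copies (demo data, not real)."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    samples = {
        "themes/some-theme/timthumb.php": "<?php\ndefine ('VERSION', '1.32');\n",
        "themes/woo-theme/thumb.php": "<?php\ndefine ('VERSION', '2.8.10');\n",
        "plugins/vslider/timthumb.php": "<?php\n// stripped copy, no version define\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for path, ver in scan_tree(sample_root):
        print(f"{path}: {'.'.join(map(str, ver)) if ver else 'no version found'}")
    for path in outdated(sample_root, MIN_SAFE_VERSION):
        print("needs update:", path)
```

Run it against your real tree by calling `outdated("/var/www/html/wp-content", MIN_SAFE_VERSION)` instead of the sample; a copy with no version string is reported too, because a file you cannot identify is one you should replace rather than trust.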
4 comments
  1. For those of you that have shell access to your server, here is the script I used to clean up over 80 instances in themes and plugins on my server.


    #!/bin/sh
    # Fetch the current upstream timthumb.php once, then copy it over every
    # copy that locate(1) knows about. locate reads a prebuilt database, so
    # run updatedb first or recently created copies will be missed.
    mkdir -p tmp
    cd tmp || exit 1
    wget http://timthumb.googlecode.com/svn/trunk/timthumb.php || exit 1
    locate timthumb.php | while read -r timthumb; do
        cp timthumb.php "${timthumb}"
    done

    #### HANDLE THE OTHER TIMTHUMB.PHP INSTANCES THAT ARE NAMED THUMB.PHP (WOOTHEMES DOES THIS)
    # Anchor the grep so paths like .../timthumb.php or thumb.php.bak are not matched.
    cp timthumb.php thumb.php
    locate thumb.php | grep '/thumb\.php$' | while read -r thumb; do
        cp thumb.php "${thumb}"
    done
