WPSecurityLock – Malware removal & WordPress security services

Warning: TimThumb.php Vulnerability in WordPress Themes and Plugins

August 10, 2011 By Regina Smola 6 Comments

TimThumb.php found with zero-day vulnerability! Update Now.

TimThumb is a PHP script for cropping, zooming and resizing images. It is bundled with many WordPress themes and plugins. Unless you remove or update the timthumb.php script, your site is at risk of being hacked.

Sites have been hacked by having base64_decode('…long string of malicious obfuscated code')) injected into .php files through the timthumb.php file. The script fetches images, resizes them and writes the results to a cache directory that resides inside wp-content, which is why it needs write access to that directory.

This vulnerability was first reported by Mark Maunder after his own site was hacked through the timthumb.php file. Luckily for all of us, Mark found a solution: he rewrote timthumb as a new, secure thumbnailer project called WordThumb, and that work has now been merged into TimThumb 2.0.

On the suggestion of Matt Mullenweg (WordPress founder), Ben Gillbanks (TimThumb author) and I have been working for the last day to merge my work on WordThumb into TimThumb 2.0.

That work is now complete and TimThumb 2.0 is now available for download from the TimThumb site.

I’m going to be working with Ben going forward to continue to have TimThumb be the easiest to use, fastest, most popular and most secure thumbnail script on the Web.

MarkMaunder.com

Thanks Mark! You rock!

If you're using an outdated version of TimThumb…

You need to upgrade your theme and any plugins that use timthumb.php to the latest version (2.0). Ask your theme or plugin developer for an upgrade, or hop on over to Mark's site to learn how to upgrade it yourself.
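As an added defender-side example (not code from this post, WPSecurityLock or the TimThumb project), the following Python scan walks a WordPress tree, reports copies of timthumb.php whose declared VERSION is below 2.0, and flags PHP files carrying the eval(base64_decode(...)) indicator described above. The define('VERSION', ...) pattern, the thumb.php rename and the sample files are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# TimThumb declares VERSION via a PHP define(); this pattern is an assumption.
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([\d.]+)['"]\s*\)""", re.I)
# Indicator for the eval(base64_decode(...)) injection the post describes.
INJECT_RE = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)
MIN_SAFE = (2, 0)  # TimThumb 2.0 is the fixed release named in the post
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}  # thumb.php: common rename (assumption)

def timthumb_version(source):
    """Return the VERSION string declared in a TimThumb source file, or None."""
    m = VERSION_RE.search(source)
    return m.group(1) if m else None

def is_outdated(version):
    """True when the version is below 2.0 or could not be determined."""
    if version is None:
        return True
    return tuple(int(p) for p in version.split(".")) < MIN_SAFE

def scan_tree(root):
    """Walk a site tree; return (outdated TimThumb copies, injected PHP files)."""
    root = Path(root)
    outdated, injected = [], []
    for path in root.rglob("*.php"):
        src = path.read_text(errors="replace")
        rel = path.relative_to(root).as_posix()
        if path.name.lower() in TIMTHUMB_NAMES and is_outdated(timthumb_version(src)):
            outdated.append(rel)
        if INJECT_RE.search(src):
            injected.append(rel)
    return sorted(outdated), sorted(injected)

def demo():
    """Scan a small constructed site tree (sample data, not a real site)."""
    files = {
        "wp-content/themes/classic/timthumb.php": "<?php\ndefine ('VERSION', '1.33');\n",
        "wp-content/themes/current/thumb.php": "<?php\ndefine ('VERSION', '2.0');\n",
        "wp-content/plugins/widget/index.php": "<?php eval(base64_decode('PLACEHOLDER'));\n",
        "wp-content/themes/current/functions.php": "<?php add_theme_support('post-thumbnails');\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return scan_tree(tmp)
```

Run scan_tree() against a site's document root after a cleanup as well as before it: a file that is reinfected later points at a persistence path the upgrade alone did not close.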

Our site uses a child theme of *Genesis by StudioPress. I checked with their support forum and found that the Genesis framework uses the internal image handling from WordPress itself, which is great. However, StudioPress's classic themes (the ones that predate post thumbnails and Genesis) used timthumb. Classic theme users should upgrade to the Genesis framework and use a child theme, or switch to the WordPress thumbnailing system.

Leave Your Feedback

Has your site been hacked recently while using an outdated version of timthumb? Do you have a theme or plugin that uses an outdated version of timthumb? Please let us know by leaving a comment below.

Securely yours,

Regina Smola
WordPress Security Expert

* Denotes our affiliate link. If you make a purchase through this link, we receive a commission.

Filed Under: Bugs & Vulnerabilities Tagged With: timthumb vulnerability, wordpress theme

Comments

  1. Peter says

    August 11, 2011 at 1:01 pm

    Dear Regina,

    Yes, my sites are on a shared server and once they got in through the Thesis Tim Thumb PHP it’s been almost impossible to get rid of them. Also my host, Just Host, has not been helpful at all at ridding my sites of hacked files.

    For anyone who has suffered the same fate, check this file: wp-admin/options-privacy.php. It had been replaced with a known phishing attack.

    The damage has already been done, however, as visitors to my sites during this time probably won’t be return visitors.

    There’s one thing I left to say, “I’ve been Hacked!”

    Peter

    • Dia Ritoch says

      November 5, 2011 at 7:48 pm

      I hear you about JustHost support people! They just simply don't care! I tried chatting and calling them. All they will give you is an automated email on how to protect your files, full of BS.
  2. cheryl says

    August 19, 2011 at 8:54 am

    My site uses a Genesis theme and was hit with this yesterday (well, not it exactly, because it doesn't use tim thumb) but zero day injection, so switching to Genesis won't prevent it.
    • Regina Smola says

      August 25, 2011 at 9:08 am

      Hi Cheryl,

      Sorry to hear your site got attacked. StudioPress does have their security reviewed on their themes, so I doubt that’s how they got in. Let me know if you need any help.

      Have a great day,

      ~ Regina Smola

  3. Dia Ritoch says

    November 5, 2011 at 7:43 pm

    I have been hacked too! God, they hacked our entire server! And I just confirmed it now after reading this post that it was, in fact, through TimThumb that they got in. Their code is this, (below) in every PHP file:

    Edited by WPSecurityLock: Code was copied to pastebin here:
    http://pastebin.com/XPvSSfLL

    And I also found their code that they use for sending e-mail whenever they do the attack:

    Edited by WPSecurityLock Admin: Code was copied to pastebin here:
    http://pastebin.com/RwDpuQgd

    We have got to stop this! It has been such a pain!
  4. madprog says

    October 4, 2012 at 4:20 pm

    I found that upgrading to 2.8.18 did NOT solve the problem. I disinfected all PHP scripts on the entire site, and installed a new version of TimThumb. About 1 month later, the files were once again infected. My recommendation would be to secure the ownership and write permissions on all PHP files to prevent the timthumb.php from writing to the files, or remove timthumb completely and use something else.
