TimThumb.php found with zero-day vulnerability! Update Now.
TimThumb is a PHP script for cropping, zooming and resizing images. It is bundled with many WordPress themes and plugins. Unless you remove or update the timthumb.php script, your site is at risk of being hacked.
Sites have been hacked by having base64_decode('…long string of malicious encoded code…')) injected into .php files through the timthumb.php file. The script uses a cache directory inside wp-content and writes to that directory when it fetches images and resizes them.
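As an added defender-side check (not code from the original post or from the TimThumb project), the Python scanner below walks a wp-content tree for the three artefacts just described: copies of timthumb.php older than 2.0, .php files carrying a long base64_decode literal, and PHP code sitting inside a cache directory. It assumes TimThumb's define ('VERSION', '…') line, treats thumb.php as an alternate file name, and scans a constructed sample tree rather than a real site.

```python
import re
import tempfile
from pathlib import Path

# Injection signature from the post: base64_decode( '<long base64 literal>' ).
# The 100-character threshold is a constructed choice; tune it for your site.
INJECTION_RE = re.compile(r"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{100,}['\"]\s*\)")
# TimThumb declares its version as: define ('VERSION', '1.33');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]")


def scan_wp_content(root):
    """Return (outdated_timthumbs, injected_php_files, php_in_cache_dirs)."""
    root = Path(root)
    outdated, injected, cache_php = [], [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        rel = path.relative_to(root)
        # 1. Any copy of timthumb.php (themes often ship it as thumb.php) below 2.0.
        if path.name.lower() in ("timthumb.php", "thumb.php"):
            m = VERSION_RE.search(text)
            if m and tuple(int(p) for p in m.group(1).split(".")) < (2, 0):
                outdated.append((str(rel), m.group(1)))
        # 2. A long base64_decode literal inside a .php file is the injection pattern.
        if path.suffix == ".php" and INJECTION_RE.search(text):
            injected.append(str(rel))
        # 3. The cache directory should hold only image data, never PHP code.
        if "cache" in (p.lower() for p in rel.parent.parts) and "<?php" in text:
            cache_php.append(str(rel))
    return sorted(outdated), sorted(injected), sorted(cache_php)


def demo():
    """Build a constructed wp-content tree in a temp dir and scan it."""
    tmp = Path(tempfile.mkdtemp())
    files = {  # constructed sample files, not taken from any real site
        "themes/classic/timthumb.php": "<?php\ndefine ('VERSION', '1.33');\n",
        "themes/new/timthumb.php": "<?php\ndefine ('VERSION', '2.8');\n",
        "themes/classic/functions.php": "<?php\neval(base64_decode('" + "QUJD" * 40 + "'));\n",
        "themes/classic/header.php": "<?php get_header(); ?>\n",
        "themes/classic/cache/a1b2c3.php": "<?php echo 'not an image'; ?>\n",
        "themes/classic/cache/d4e5f6.jpg": "JPEG bytes (constructed placeholder)",
    }
    for name, body in files.items():
        f = tmp / name
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text(body)
    return scan_wp_content(tmp)
```

Run demo() to see the three findings; on a live site, point scan_wp_content at the wp-content directory and review every hit by hand before deleting anything.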
This vulnerability was first reported by Mark Maunder after his own site was hacked through the timthumb.php file. Luckily for all of us, Mark found a solution: he rewrote timthumb as a new, secure thumbnailer project called WordThumb, and has now merged that work into TimThumb 2.0.
That work is now complete and TimThumb 2.0 is now available for download from the TimThumb site.
I’m going to be working with Ben going forward to continue to have TimThumb be the easiest to use, fastest, most popular and most secure thumbnail script on the Web.
Thanks Mark! You rock!
If you're using an outdated version of TimThumb…
You need to upgrade your theme and any plugins that use timthumb.php to the latest version (2.0). Ask your theme or plugin developer(s) for an upgrade, or hop on over to Mark's site to learn how to upgrade it yourself.
Our site uses a child theme of *Genesis by StudioPress. I checked with their support forum and found that the Genesis framework uses the internal image handling from WordPress itself, which is great. However, classic themes (prior to post thumbnails – pre Genesis) used timthumb. Classic theme users should upgrade to the Genesis framework and use a child theme, or switch to the WP thumbnailing system.
Leave Your Feedback
Has your site been hacked recently while using an outdated version of timthumb? Do you have a theme or plugin that uses an outdated version of timthumb? Please let us know by leaving your comment below.
* Denotes our affiliate link. If you make a purchase through this link, we receive a commission.