WordPress Security Alert – TimThumb Image Resizing Script

WordPress Security Issue wIth Timthumb

In recent days a significant WordPress security threat has emerged. The root of it is the ability for unsavory types to compromise a very common image resizing script called TimThumb which is used in many WordPress themes and plugins. Through a security flaw, hackers can find a way into your site and cause havoc. Or, in more specific terms according to Vaultpress:

“The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.”

Are you at risk?

The list of themes and plugins that use this script is too long for any one source to have catalog-ed as yet. Securi has a partial list here. In my own researching I’ve found several major theme vendors to be vulnerable (WooThemes, Themify.me, Headway) although they have acted quickly to update their themes.  WebSite defender has a list of plugins and themes they know to be using timthumb.

Read More