TimThumb.php Vulnerability in WordPress blog

A few days ago, a WordPress security vulnerability in timthumb.php was reported on one of our blogs, http://filmnews.bizhat.com.

timthumb.php is a script that is used by hundreds of WordPress themes to resize images.

I searched Google for ‘timthumb.php vulnerability fix’ and found the ‘TimThumb Vulnerability Scanner’ plugin.

The TimThumb Vulnerability Scanner plugin checks whether your site is running a vulnerable version of TimThumb. It scans your entire wp-content folder, including plugins, themes and uploads.

To install ‘TimThumb Vulnerability Scanner plugin’ using the built-in plugin installer:

Go to Plugins > Add New.

Under Search, type ‘TimThumb Vulnerability Scanner’ and click Install Now to install the plugin.


Go to the “Timthumb Scanner” page under the “Tools” menu and run the scan.


Here are some of the plugins that ship timthumb.php (paths relative to the WordPress root; note that a few ship it under another name, such as thumb.php or image.php):

/wp-content/plugins/cac-featured-content/timthumb.php
/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php
/wp-content/plugins/category-list-portfolio-page/scripts/timthumb.php
/wp-content/plugins/cms-pack/timthumb.php
/wp-content/plugins/dp-thumbnail/timthumb/timthumb.php
/wp-content/plugins/extend-wordpress/helpers/timthumb/image.php
/wp-content/plugins/islidex/js/timthumb.php
/wp-content/plugins/kino-gallery/timthumb.php
/wp-content/plugins/lisl-last-image-slider/timthumb.php
/wp-content/plugins/really-easy-slider/inc/thumb.php
/wp-content/plugins/rent-a-car/libs/timthumb.php
/wp-content/plugins/verve-meta-boxes/tools/timthumb.php
/wp-content/plugins/vk-gallery/lib/timthumb.php
/wp-content/plugins/wp-marketplace/libs/timthumb.php
/wp-content/plugins/yd-recent-posts-widget/timthumb/timthumb.php
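The list above shows why a scan has to look at file contents rather than file names. The following is an added example of such a check, written for this post and not code from the TimThumb Vulnerability Scanner plugin: it walks a wp-content tree, recognises TimThumb copies by their header and `VERSION` define, and flags old ones. The sample tree is constructed, and the minimum version of 2.0 is an assumption to adjust against the current upstream release.

```python
import os
import re
import tempfile

# A copy is recognised by its contents, not its name: the post's list also shows thumb.php / image.php.
TIMTHUMB_MARKER = re.compile(r"timthumb", re.IGNORECASE)
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]")
MIN_SAFE_VERSION = "2.0"  # assumption: older copies (or no readable version) get flagged

def version_tuple(v):
    return tuple(int(p) for p in v.split(".") if p.isdigit())  # '2.8.10' -> (2, 8, 10)

def inspect_php_file(path):
    """Return the TimThumb version string, 'unknown' if no define, or None if not TimThumb."""
    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
        head = fh.read(4096)  # header comment and VERSION define sit near the top
    if not TIMTHUMB_MARKER.search(head):
        return None
    m = VERSION_RE.search(head)
    return m.group(1) if m else "unknown"

def scan_wp_content(root, min_safe=MIN_SAFE_VERSION):
    """Walk a wp-content directory and report every TimThumb copy, old ones flagged."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in (n for n in files if n.endswith(".php")):
            path = os.path.join(dirpath, name)
            ver = inspect_php_file(path)
            if ver is None:
                continue
            old = ver == "unknown" or version_tuple(ver) < version_tuple(min_safe)
            findings.append({"path": os.path.relpath(path, root), "version": ver, "outdated": old})
    return sorted(findings, key=lambda f: f["path"])

# Constructed sample wp-content tree (hypothetical stubs, not real plugin code).
SAMPLE_FILES = {
    "plugins/kino-gallery/timthumb.php": "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.33');\n",
    "plugins/really-easy-slider/inc/thumb.php": "<?php\n// TimThumb, renamed\ndefine ('VERSION', '2.8.10');\n",
    "themes/sample/functions.php": "<?php\nfunction sample_setup() {}\n",
}

def demo():
    """Write the sample tree to a temp dir, scan it and return the findings."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    for rel, body in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return scan_wp_content(root)
```

Call `demo()` to see the two constructed copies reported (the 1.33 one flagged), or point `scan_wp_content()` at a real wp-content directory; the renamed thumb.php is caught because the match is on content.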


About hostonnet2

Bootstrap and Android LOVER. I've been creating things for the web for over 10 years, from the period of flash and table based layout web sites till mobile and tab friendly web sites.
Posted in Wordpress