HostOnNet Blog

TimThumb.php Vulnerability in WordPress blog


A few days ago, the WordPress security vulnerability in timthumb.php was reported on one of our blogs, http://filmnews.bizhat.com.

timthumb.php is an image-resizing script bundled with hundreds of WordPress themes and plugins. The vulnerability is in its remote image fetching: older versions could be tricked into fetching and caching a PHP file from an attacker-controlled host, so every copy of the script under wp-content needs checking, not just the one in the active theme.

I searched Google for ‘timthumb.php vulnerability fix’ and found the ‘TimThumb Vulnerability Scanner’ plugin.

The TimThumb Vulnerability Scanner plugin checks whether your site is running a vulnerable version of TimThumb. It scans the entire wp-content folder, including plugins, themes and uploads, so renamed or forgotten copies are found as well.

To install the ‘TimThumb Vulnerability Scanner’ plugin using the built-in plugin installer:

Go to Plugins > Add New.

Under Search, type ‘TimThumb Vulnerability Scanner’ and click Install Now to install the plugin, then activate it.


Go to the “Timthumb Scanner” page under the “Tools” menu and run the scan. Any copy it reports as vulnerable should be updated to the current TimThumb release (or removed, if the theme or plugin no longer needs it).


Here are some of the plugins that ship timthumb.php (paths relative to the WordPress root). Note that the file is not always named timthumb.php; thumb.php and image.php below are the same script:

/wp-content/plugins/cac-featured-content/timthumb.php
/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php
/wp-content/plugins/category-list-portfolio-page/scripts/timthumb.php
/wp-content/plugins/cms-pack/timthumb.php
/wp-content/plugins/dp-thumbnail/timthumb/timthumb.php
/wp-content/plugins/extend-wordpress/helpers/timthumb/image.php
/wp-content/plugins/islidex/js/timthumb.php
/wp-content/plugins/kino-gallery/timthumb.php
/wp-content/plugins/lisl-last-image-slider/timthumb.php
/wp-content/plugins/really-easy-slider/inc/thumb.php
/wp-content/plugins/rent-a-car/libs/timthumb.php
/wp-content/plugins/verve-meta-boxes/tools/timthumb.php
/wp-content/plugins/vk-gallery/lib/timthumb.php
/wp-content/plugins/wp-marketplace/libs/timthumb.php
/wp-content/plugins/yd-recent-posts-widget/timthumb/timthumb.php
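If you administer the server and would rather check from the shell than through the WordPress admin, the same scan can be done over the filesystem. The script below is an added example written for this post; it is not the scanner plugin's code. It walks a wp-content tree, identifies TimThumb copies by the “TimThumb” marker in the file header rather than by filename (because, as the list above shows, the script is often renamed), reads the version from the `define ('VERSION', '...')` line, and flags anything older than 2.0. The regex for the version line and the 2.0 threshold are assumptions; confirm the cut-off against the current TimThumb advisory before relying on it. The sample tree it builds is constructed for the dry run and is not a real site.

```python
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed form of the version line near the top of timthumb.php,
# e.g.  define ('VERSION', '1.28');  -- check it against your own copy.
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]\s*\)"""
)
# Marker that appears in the header comment of every TimThumb release; used
# instead of the filename because the script is often renamed (thumb.php, image.php).
MARKER = "TimThumb"
# Assumption: releases before 2.0 are treated as vulnerable here.
SAFE_MIN: Tuple[int, ...] = (2, 0)
# Only the head of each file is read; the version define sits near the top.
HEAD_BYTES = 8192


@dataclass
class Finding:
    path: str               # path relative to the scanned root, forward slashes
    version: Optional[str]  # None when no version line could be parsed
    vulnerable: bool


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.8.10' -> (2, 8, 10); tuples compare element-wise like versions."""
    return tuple(int(part) for part in text.split("."))


def inspect_file(path: str, root: str) -> Optional[Finding]:
    """Return a Finding if the file looks like TimThumb, else None."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            head = fh.read(HEAD_BYTES)
    except OSError:
        return None  # unreadable file: skip, do not crash the whole scan
    if MARKER not in head:
        return None
    rel = os.path.relpath(path, root).replace(os.sep, "/")
    match = VERSION_RE.search(head)
    if match is None:
        # A TimThumb copy whose version cannot be read is treated as suspect.
        return Finding(rel, None, True)
    version = match.group(1)
    return Finding(rel, version, parse_version(version) < SAFE_MIN)


def scan_wp_content(root: str) -> List[Finding]:
    """Walk the whole tree (plugins, themes, uploads) and collect TimThumb copies."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                finding = inspect_file(os.path.join(dirpath, name), root)
                if finding is not None:
                    findings.append(finding)
    return sorted(findings, key=lambda f: f.path)


def report(root: str) -> Dict[str, Tuple[Optional[str], bool]]:
    """Map relative path -> (version, vulnerable) for easy checking."""
    return {f.path: (f.version, f.vulnerable) for f in scan_wp_content(root)}


def build_sample_tree() -> str:
    """Constructed wp-content tree for a dry run; the contents are made up."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    samples = {
        # old copy under its usual name
        "plugins/cms-pack/timthumb.php":
            "<?php\n/*\n * TimThumb script\n */\ndefine ('VERSION', '1.28');\n",
        # renamed copy that is already up to date
        "plugins/really-easy-slider/inc/thumb.php":
            "<?php\n/* TimThumb */\ndefine ('VERSION', '2.8.10');\n",
        # renamed copy with the version line stripped: flagged as suspect
        "themes/sometheme/lib/image.php":
            "<?php\n/* TimThumb, modified */\n$cache = 'cache';\n",
        # ordinary theme file that must not be reported
        "themes/sometheme/functions.php":
            "<?php\nadd_action('init', 'theme_setup');\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    # Usage on a real site: python timthumb_scan.py  (after setting root below)
    root = build_sample_tree()
    for finding in scan_wp_content(root):
        status = "VULNERABLE" if finding.vulnerable else "ok"
        print(f"{status:10} {finding.version or '?':8} {finding.path}")
```

To run it against a live site, replace `build_sample_tree()` with the real path to wp-content; the walk is read-only, so it is safe on a production host. Treat every flagged copy as something to update or delete, including ones in plugins you no longer use, since the script is reachable over the web as long as the file exists.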

About Sibi Antony

Bootstrap and Android LOVER. I've been creating things for the web for over 10 years, from the period of flash and table based layout web sites till mobile and tab friendly web sites.
Posted in Wordpress
