EugeneO
says

I received an email from a buyer today linking me to a post made by a blog owner about a serious vulnerability in timthumb that led to his site being hacked. I don’t use timthumb in my themes but I know a lot of people do so I thought I would post it here to make sure authors are aware of the problem and can apply fixes to their themes.

Article is here: http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

digitalimpact
says

Thanks for posting this Eugene. I’m actually working on a site that’ll use the script and this is good to know. Appreciated :)

duotive
says

This will start a frenzy among customers… already started with our themes.

ThemeProvince
says

I’ve already updated :D

duotive
says
ThemeProvince said
I’ve already updated :D

This is what I am doing now :)

ChrisMooney
says
duotive said
ThemeProvince said
I’ve already updated :D
This is what I am doing now :)

Likewise, I’m updating my themes ASAP.

duotive
says
ChrisMooney said
duotive said
ThemeProvince said
I’ve already updated :D
This is what I am doing now :)
Likewise, I’m updating my themes ASAP.

Done and accepted :)))

e404
says

This issue was fixed in version 1.34 (diff), so you don’t have to remove all allowed sites – just update your TimThumb script to the latest version.

mabuc
says
e404 said
This issue was fixed in version 1.34 (diff), so you don’t have to remove all allowed sites – just update your TimThumb script to the latest version.

Thanks will be updating now :)

ant0
says

As a “buyer” I went through the panic of checking all our sites and checking/replacing the latest version of timthumb.php (renamed to thumb.php by some). So for the help of other buyers out there I can confirm that at least the following do use instances of timthumb.

PLUGINS (timthumb.php) -> Sugar slider

WP THEMES (timthumb.php) -> CONCISE, CORPORATE, PUREVISION, LEVITATION, CLOCKSTONE, RTTHEME6, LOTUS, SINTAGMA, DANDELION, BIG FEATURE, INNOVA, AMPLIFY

WP THEMES (thumb.php) -> INFOCUS
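A defender-side check for what ant0 describes above (finding every timthumb.php or renamed thumb.php copy under a WordPress install and comparing it against the 1.34 fix e404 mentions), as an added example that is not part of any post in this thread. It assumes TimThumb 1.x declares its version with a PHP `define ('VERSION', '…');` line and detects renamed copies by the word "timthumb" in the source; the sample tree it scans is constructed inline.

```python
import os
import re
import tempfile

FIXED_VERSION = "1.34"  # version the thread says fixed the issue (e404's post)
KNOWN_NAMES = {"timthumb.php", "thumb.php"}  # stock name and the renamed copy ant0 mentions
# Assumption: 1.x TimThumb declares its version as  define ('VERSION', '1.34');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]\s*\)")

def parse_version(text):
    """Dotted version -> int tuple, so 1.9 < 1.34; a plain string compare gets that backwards."""
    return tuple(int(p) for p in text.split("."))

def looks_like_timthumb(path, source):
    """Match by file name or by the word 'timthumb' in the source, since themes rename the script."""
    return os.path.basename(path).lower() in KNOWN_NAMES or "timthumb" in source.lower()

def scan_tree(root):
    """Return sorted (path, version, outdated) for every TimThumb copy under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                source = fh.read()
            if not looks_like_timthumb(path, source):
                continue
            m = VERSION_RE.search(source)
            version = m.group(1) if m else "unknown"  # unreadable version is treated as outdated
            outdated = m is None or parse_version(version) < parse_version(FIXED_VERSION)
            findings.append((path, version, outdated))
    return sorted(findings)

def demo():
    """Constructed sample tree: old copy, renamed old copy, patched copy, unrelated PHP file."""
    root = tempfile.mkdtemp()
    samples = {
        "themes/a/timthumb.php": "<?php\ndefine ('VERSION', '1.9');\n",
        "themes/b/thumb.php": "<?php\n// TimThumb script\ndefine ('VERSION', '1.33');\n",
        "themes/c/timthumb.php": "<?php\ndefine ('VERSION', '1.34');\n",
        "themes/c/functions.php": "<?php\necho 'hello';\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return [(os.path.relpath(p, root), v, o) for p, v, o in scan_tree(root)]
```

Point `scan_tree()` at a real wp-content directory to get the same (path, version, outdated) triples; anything flagged outdated or unknown is a copy to replace with the current script.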
