ThemeForest

TimThumb Vulnerability

EugeneO
EugeneO Recent Posts
Threads Started
312 posts
  • Has been a member for 2-3 years
  • Item was Featured
  • Author was Featured
  • Exclusive Author
  • Sold between 100 000 and 250 000 dollars
  • Elite Author
  • Bought between 1 and 9 items
  • United Kingdom
  • Referred between 100 and 199 users
EugeneO says

I received an email from a buyer today linking me to a post made by a blog owner about a serious vulnerability in timthumb that led to his site being hacked. I don’t use timthumb in my themes but I know a lot of people do so I thought I would post it here to make sure authors are aware of the problem and can apply fixes to their themes.

Article is here: http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

10 months ago
digitalimpact
digitalimpact Recent Posts
Threads Started
1841 posts
  • Has been a member for 3-4 years
  • Exclusive Author
  • Sold between 100 and 1 000 dollars
  • Bought between 10 and 49 items
  • Europe
  • Referred between 100 and 199 users
digitalimpact says

Thanks for posting this Eugene. I’m actually working on a site that’ll use the script and this is good to know. Appreciated :)

10 months ago
duotive
duotive Recent Posts
Threads Started
2698 posts
  • Has been a member for 1-2 years
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Forum Superstar
  • Item was Featured
  • Author was Featured
  • Exclusive Author
  • Sold between 100 000 and 250 000 dollars
  • Elite Author
  • Bought between 1 and 9 items
  • Europe
  • Referred between 50 and 99 users
duotive says

This will start a frenzy among customers… already started with our themes.

10 months ago
ThemeProvince
ThemeProvince Recent Posts
Threads Started
2389 posts Put a Donk On It
  • Has been a member for 2-3 years
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Contributed a Tutorial to a Tuts+ Site
  • Interviewed on the Envato Notes blog
  • Item was Featured
  • Author was Featured
  • Beta Tester
  • Exclusive Author
  • Sold between 100 000 and 250 000 dollars
  • Elite Author
  • Bought between 10 and 49 items
  • United Kingdom
  • Referred between 50 and 99 users
ThemeProvince says

I’ve already updated :D

10 months ago
duotive
duotive Recent Posts
Threads Started
2698 posts
  • Has been a member for 1-2 years
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Forum Superstar
  • Item was Featured
  • Author was Featured
  • Exclusive Author
  • Sold between 100 000 and 250 000 dollars
  • Elite Author
  • Bought between 1 and 9 items
  • Europe
  • Referred between 50 and 99 users
duotive says
ThemeProvince said
I’ve already updated :D

This is what i am doing now :)

10 months ago
ChrisMooney
ChrisMooney Recent Posts
Threads Started
134 posts Ahoy, me Hearties!
  • Has been a member for 2-3 years
  • Author was Featured
  • Exclusive Author
  • Sold between 50 000 and 100 000 dollars
  • Elite Author
  • Bought between 10 and 49 items
  • United Kingdom
  • Referred between 10 and 49 users
ChrisMooney says
duotive said
ThemeProvince said
I’ve already updated :D
This is what i am doing now :)

Likewise, I’m updating my themes ASAP .

10 months ago
duotive
duotive Recent Posts
Threads Started
2698 posts
  • Has been a member for 1-2 years
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Forum Superstar
  • Item was Featured
  • Author was Featured
  • Exclusive Author
  • Sold between 100 000 and 250 000 dollars
  • Elite Author
  • Bought between 1 and 9 items
  • Europe
  • Referred between 50 and 99 users
duotive says
ChrisMooney said
duotive said
ThemeProvince said
I’ve already updated :D
This is what i am doing now :)
Likewise, I’m updating my themes ASAP .

Done and accepted :)))

10 months ago
e404
e404 Recent Posts
Threads Started
66 posts
  • Has been a member for 1-2 years
  • Exclusive Author
  • Sold between 50 000 and 100 000 dollars
  • Europe
  • Referred between 10 and 49 users
e404 says

This issue was fixed in the version 1.34 (diff), so you don’t have to remove all allowed sites – just update your TimThumb script to the latest version.

10 months ago
mabuc
mabuc Recent Posts
Threads Started
979 posts
  • Has been a member for 3-4 years
  • Interviewed on the Envato Notes blog
  • Exclusive Author
  • Sold between 10 000 and 50 000 dollars
  • Bought between 10 and 49 items
  • Philippines
  • Referred between 100 and 199 users
mabuc says
e404 said
This issue was fixed in the version 1.34 (diff), so you don’t have to remove all allowed sites – just update your TimThumb script to the latest version.

Thanks will be updating now :)

10 months ago
ant0
ant0 Recent Posts
Threads Started
30 posts
  • Has been a member for 3-4 years
  • Bought between 50 and 99 items
  • United Kingdom
ant0 says

As a “buyer” I went through the panic of checking all our sites and checking/replacing the latest version of timthumb.php (renamed to thumb.php by some). So for the help of other buyers out there I can confirm that at least the following do use instances of timthumb….

PLUGINS (timthumb.php)—> Sugar slider

WP THEMES (timthumb.php)—> CONCISE , CORPORATE, PUREVISION , LEVITATION, CLOCKSTONE , RTTHEME6, LOTUS , SINTAGMA, DANDELION , BIG FEATURE , INNOVA, AMPLIFY

WP THEMES (thumb.php)—> INFOCUS

10 months ago

Search forums

Active threads

Need a wordPress template Just like College education 4 replies, last by proudpress 4 minutes ago
Envato KL 2012: Video! 8 replies, last by ShermanJackson 15 minutes ago
MDNW Reaction Theme - Logo sizing? 2 replies, last by charlie4282 23 minutes ago
The Statementer 232 replies, last by dtbaker 25 minutes ago
Jquery Gesture plugin 1 replies, last by Enabled 34 minutes ago
Designer needed for a search engine layout 0 replies
From What To Start ? 10 replies, last by FX-HD-Flash 56 minutes ago
by
by
by
by
by