- Sold between 250 000 and 1 000 000 dollars
- Exclusive Author
- Interviewed on the Envato Notes blog
- Author was Featured
- Item was Featured
- Beta Tester
- Author had a File in an Envato Bundle
- Author had a Free File of the Month
Guys, no need to panic… TimThumb, as well as WP, has always been open to hacking… the chances of being hacked are close to 0… many servers don’t allow that type of hacking
- Bought between 100 and 499 items
- Has been a member for 4-5 years
- United Kingdom
ParkerAndKent said: Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
... the chances to be hacked are close to 0…
Theme Updated
ant0 said
ParkerAndKent said: Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
... the chances to be hacked are close to 0…
Sure, it’s enough to update the script… I just wanted to say not to panic, cuz it isn’t necessary
ParkerAndKent is right that it’s not something to panic about as it would only take a minute to update the timthumb file in any theme you are using.
Just to clarify, the site that was hacked was the site of the blogger posting about the exploit and not the site of a ThemeForest buyer.
ParkerAndKent said
ant0 said: Sure, it’s enough to update the script… I just wanted to say not to panic, cuz it isn’t necessary
ParkerAndKent said: Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
... the chances to be hacked are close to 0…
Old versions of TimThumb open your WP blog to being exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your TimThumb cache directory.
Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
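To make the “partial match on hostnames” point concrete, here is an added example (my own code, not TimThumb’s or WordThumb’s) that puts a substring-style allow-list check next to a strict one that parses the URL first. The allow-list entries, the function names and the sample URLs are all constructed for illustration; they are not taken from the script itself.

```python
"""Weak vs. strict remote-host allow-listing for an image-fetching script.

Added example, not TimThumb's own code. `weak_host_allowed` mirrors the
"partial match on hostnames" pattern described in the thread; `strict_host_allowed`
shows the check a hardened fetcher should do before downloading anything.
"""
from urllib.parse import urlsplit

# Constructed allow-list of hosts an image proxy is willing to fetch from.
ALLOWED_HOSTS = ("flickr.com", "picasa.com", "blogger.com")


def weak_host_allowed(url: str) -> bool:
    """Substring match over the raw URL string.

    Returns True whenever an allowed hostname appears *anywhere* in the URL,
    so it also accepts hosts that merely contain an allowed name, or allowed
    names that sit in the path rather than the host.
    """
    return any(host in url for host in ALLOWED_HOSTS)


def strict_host_allowed(url: str) -> bool:
    """Exact match on the parsed hostname, with the scheme pinned.

    Only http/https are accepted; the host is taken from the parsed URL
    (lower-cased, userinfo and port stripped) and must be exactly an allowed
    host or a real sub-domain of one (label boundary enforced by the dot).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if host is None:
        return False
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def classify(urls):
    """Map each URL to (weak_result, strict_result) so the two checks can be compared."""
    return {u: (weak_host_allowed(u), strict_host_allowed(u)) for u in urls}


def weak_only(urls):
    """URLs the substring check accepts but the strict check rejects."""
    return [u for u in urls if weak_host_allowed(u) and not strict_host_allowed(u)]


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate source and a few that only
    # look legitimate to a substring match.
    samples = [
        "http://www.flickr.com/photo.jpg",          # real sub-domain of an allowed host
        "http://flickr.com.other.example/x.jpg",    # allowed name as a prefix of another host
        "http://notflickr.com/x.jpg",               # allowed name as a suffix of another host
        "http://other.example/blogger.com/x.jpg",   # allowed name in the path, not the host
        "ftp://flickr.com/x.jpg",                   # wrong scheme
    ]
    for url, (weak, strict) in classify(samples).items():
        print(f"{url:45} weak={weak!s:5} strict={strict!s:5}")
```

The host check is only the first gate: since the thread’s point is that a fetched file can end up as executable PHP in the cache directory, a hardened fetcher should also verify the downloaded bytes really are an image (decode them, not just trust the extension or Content-Type) and write cache entries under a fixed, non-executable name before serving them.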
ryguy said
ParkerAndKent said
ant0 said: Sure, it’s enough to update the script… I just wanted to say not to panic, cuz it isn’t necessary
ParkerAndKent said: Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
... the chances to be hacked are close to 0…
Old versions of TimThumb open your WP blog to being exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your TimThumb cache directory.
Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
Thanks for sharing, that looks great
- Envato Staff
- Sold between 100 000 and 250 000 dollars
- Support Staff
- United States
- Author had a Free File of the Month
- Microlancer Beta Tester
- Beta Tester
- Interviewed on the Envato Notes blog
ParkerAndKent said
ryguy said: Thanks for sharing, that looks great
ParkerAndKent said
ant0 said: Sure, it’s enough to update the script… I just wanted to say not to panic, cuz it isn’t necessary
ParkerAndKent said: Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
... the chances to be hacked are close to 0…
Old versions of TimThumb open your WP blog to being exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your TimThumb cache directory.
Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
I’m reading this now too. Looks really good so far.
A little bit off-topic, question for authors:
How do you use TimThumb? In image tags, do you just place the link to timthumb.php with the source image in the query string along with the dimensions? And users set a full-size image wherever one is needed, and TimThumb scales it on the fly?
It gets even better! WordThumb is now TimThumb 2: http://markmaunder.com/2011/wordthumb-is-now-timthumb-2-0/
