EugeneO says

I received an email from a buyer today linking me to a post made by a blog owner about a serious vulnerability in timthumb that led to his site being hacked. I don’t use timthumb in my themes but I know a lot of people do so I thought I would post it here to make sure authors are aware of the problem and can apply fixes to their themes.

Article is here: http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

digitalimpact says

Thanks for posting this Eugene. I’m actually working on a site that’ll use the script and this is good to know. Appreciated :)

duotive says

This will start a frenzy among customers… already started with our themes.

ThemeProvince says

I’ve already updated :D

duotive says
ThemeProvince said
I’ve already updated :D

This is what I am doing now :)

ChrisMooney says
duotive said
ThemeProvince said
I’ve already updated :D
This is what I am doing now :)

Likewise, I’m updating my themes ASAP.

duotive says
ChrisMooney said
duotive said
ThemeProvince said
I’ve already updated :D
This is what I am doing now :)
Likewise, I’m updating my themes ASAP.

Done and accepted :)))

e404 says

This issue was fixed in version 1.34 (diff), so you don’t have to remove all allowed sites – just update your TimThumb script to the latest version.

mabuc says
e404 said
This issue was fixed in version 1.34 (diff), so you don’t have to remove all allowed sites – just update your TimThumb script to the latest version.

Thanks will be updating now :)

ant0 says

As a “buyer” I went through the panic of checking all our sites and checking/replacing the latest version of timthumb.php (renamed to thumb.php by some). So for the help of other buyers out there I can confirm that at least the following do use instances of timthumb….

PLUGINS (timthumb.php)—> Sugar slider

WP THEMES (timthumb.php)—> CONCISE , CORPORATE, PUREVISION , LEVITATION, CLOCKSTONE , RTTHEME6, LOTUS , SINTAGMA, DANDELION , BIG FEATURE , INNOVA, AMPLIFY

WP THEMES (thumb.php)—> INFOCUS
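The check ant0 describes above (walking every site, finding each copy of timthumb.php or its renamed thumb.php, and comparing it against the fixed release e404 points to) is easy to script. The following is an added example, not code from the thread or from the TimThumb project: it audits a wp-content tree for TimThumb copies, reads the version each one declares, and flags anything below 1.34. It assumes upstream timthumb.php declares its version with a line of the form `define ('VERSION', '1.34');`; the file names, the "renamed copy" heuristic (any .php file mentioning TimThumb) and the sample tree it builds are constructed for the demonstration and are not real theme code.

```python
import re
import tempfile
from pathlib import Path

# File names the thread reports TimThumb shipping under (some themes rename it thumb.php).
CANDIDATE_NAMES = {"timthumb.php", "thumb.php"}

# Release that e404's post says carries the fix.
FIXED_VERSION = (1, 34)

# Assumption: upstream timthumb.php declares its version as  define ('VERSION', '1.34');
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]\s*\)"
)


def parse_version(text):
    """Return the declared VERSION as a tuple of ints, or None if no define is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def looks_like_timthumb(text):
    """Heuristic for renamed copies: the script's own header comment names TimThumb."""
    return "timthumb" in text.lower()


def audit(root):
    """Walk root and return (relative_path, version_or_None, needs_update) for every
    TimThumb copy found. A copy with no parseable version is treated as needing review."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(errors="replace")
        if path.name.lower() not in CANDIDATE_NAMES and not looks_like_timthumb(text):
            continue
        version = parse_version(text)
        needs_update = version is None or version < FIXED_VERSION
        findings.append((path.relative_to(root).as_posix(), version, needs_update))
    return findings


def outdated_paths(root):
    """Just the paths that need attention, for piping into a ticket or a cron alert."""
    return [rel for rel, _, needs in audit(root) if needs]


def build_sample_tree(root):
    """Write a constructed mini wp-content tree (hypothetical, not real theme code)."""
    samples = {
        "themes/concise/scripts/timthumb.php": "<?php\n// TimThumb script\ndefine ('VERSION', '1.24');\n",
        "themes/infocus/lib/thumb.php": "<?php\n/* TimThumb, renamed by the theme */\ndefine ('VERSION', '1.34');\n",
        "plugins/sugar-slider/inc/resize.php": "<?php\n// Renamed copy of TimThumb\ndefine ('VERSION', '1.19');\n",
        "themes/concise/functions.php": "<?php\nadd_action('init', 'setup');\n",
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


def demo_audit():
    """Build the constructed tree in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit(tmp)


if __name__ == "__main__":
    for rel, version, needs in demo_audit():
        label = "UPDATE" if needs else "ok"
        print(f"{label:6} {rel}  version={version}")
```

Run it against a real install by calling `audit("/var/www/example/wp-content")` instead of `demo_audit()`; the content heuristic is deliberately loose because, as ant0 notes, several themes ship the script under a different name, so a name-only search misses copies.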
