EugeneO says

I received an email from a buyer today linking me to a post made by a blog owner about a serious vulnerability in timthumb that led to his site being hacked. I don’t use timthumb in my themes but I know a lot of people do so I thought I would post it here to make sure authors are aware of the problem and can apply fixes to their themes.

Article is here: http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

digitalimpact says

Thanks for posting this Eugene. I’m actually working on a site that’ll use the script and this is good to know. Appreciated :)

duotive says

This will start a frenzy among customers… already started with our themes.

ThemeProvince says

I’ve already updated :D

duotive says
ThemeProvince said
I’ve already updated :D

This is what I am doing now :)

ChrisMooney says
duotive said
ThemeProvince said
I’ve already updated :D
This is what I am doing now :)

Likewise, I’m updating my themes ASAP.

duotive says
ChrisMooney said
duotive said
ThemeProvince said
I’ve already updated :D
This is what I am doing now :)
Likewise, I’m updating my themes ASAP.

Done and accepted :)))

e404 says

This issue was fixed in the version 1.34 (diff), so you don’t have to remove all allowed sites – just update your TimThumb script to the latest version.

mabuc says
e404 said
This issue was fixed in the version 1.34 (diff), so you don’t have to remove all allowed sites – just update your TimThumb script to the latest version.

Thanks will be updating now :)

ant0 says

As a “buyer” I went through the panic of checking all our sites and checking/replacing the latest version of timthumb.php (renamed to thumb.php by some). So for the help of other buyers out there I can confirm that at least the following do use instances of timthumb….

PLUGINS (timthumb.php) -> Sugar slider

WP THEMES (timthumb.php) -> CONCISE, CORPORATE, PUREVISION, LEVITATION, CLOCKSTONE, RTTHEME6, LOTUS, SINTAGMA, DANDELION, BIG FEATURE, INNOVA, AMPLIFY

WP THEMES (thumb.php) -> INFOCUS
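
The check described in the post above (finding every copy of the script, including renamed ones, and comparing it against the fixed 1.34 release mentioned earlier in the thread) can be scripted. This is an added example, not part of the original posts; it assumes the script declares its version with a `define ('VERSION', '...')` line and mentions "TimThumb" somewhere in the file, and the function names and sample tree are constructed for illustration.

```python
import os
import re
import tempfile

FIXED = (1, 34)  # first fixed release, per the thread
# Assumption: the script declares its version as  define ('VERSION', '1.33');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]")
MARKER_RE = re.compile(r"timthumb", re.IGNORECASE)  # assumed to appear in the file

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None

def scan(root):
    """Find PHP files that look like TimThumb, whatever they are named."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if not MARKER_RE.search(text):
                continue
            version = parse_version(text)
            # "review": mentions TimThumb but declares no version (check by hand)
            status = "review" if version is None else (
                "outdated" if version < FIXED else "ok")
            findings.append((os.path.relpath(path, root), version, status))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (not real theme files)."""
    samples = {
        "themes/a/timthumb.php": "<?php // TimThumb\ndefine ('VERSION', '1.33');",
        "themes/b/thumb.php": "<?php // TimThumb\ndefine ('VERSION', '1.34');",
        "themes/c/functions.php": "<?php $src = 'timthumb.php?src=' . $img;",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)
```

Calling `scan()` on a real `wp-content` directory returns one tuple per suspect file; anything marked `outdated` should be replaced with the current script, and `review` entries are usually theme code that merely references it.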
