TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.
US-CERT encourages users and administrators to:
- determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
- review the blog entry on the issue and apply any necessary updates or workarounds to help mitigate the risks
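
An added example (not from US-CERT or the TimThumb project) of the search in the first step: a shell function that lists files named timthumb.php or thumb.php under a web root and marks which ones also mention TimThumb in their text. The web root path in the usage line and the use of the string "timthumb" as a content marker are assumptions.

```shell
#!/bin/sh
# Inventory candidate TimThumb copies under a web root.
# Usage: sh find_timthumb.sh /var/www    (script name and path are examples)

# Prints one tab-separated line per candidate: STATUS<TAB>PATH
#   confirmed = file name matches and the text mentions "timthumb"
#   name-only = file name matches but the text does not mention it
#               (thumb.php is a generic name, so review these by hand)
find_timthumb() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # -iname also catches copies saved as TimThumb.php or Thumb.php
    find "$root" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) -print |
    while IFS= read -r f; do
        # Assumption: a genuine copy names itself somewhere in its source
        if grep -qi 'timthumb' -- "$f" 2>/dev/null; then
            printf 'confirmed\t%s\n' "$f"
        else
            printf 'name-only\t%s\n' "$f"
        fi
    done
}

# Run the scan when a web root is given on the command line
if [ "$#" -gt 0 ]; then
    find_timthumb "$1"
fi
```

Each confirmed path is a copy to check against the blog entry's updates or workarounds; the path also shows which theme bundled it.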
Read more at: US-CERT Current Activity