Hi. Have you updated the timthumb.php script to the latest since the vulnerability was exposed?
You can delete timthumb.php. It’s not required anymore since WP3+. I asked Kriesi to update all themes (basically to upload all theme files without timthumb.php) but it seems like he forgot it… :-/
Agreed, WP has made it clear no themes should use it anymore. I think Kriesi should really do this to make his themes comply. (Here’s a good overview: http://www.themelab.com/2011/08/02/timthumb-security-exploit/)
As far as I know, the latest version of timthumb is considered secure again :) – however, nearly all of our themes use the WP resize function. I think only Levitation and Display require Timthumb, and both use the new timthumb script version.
The topic ‘Timthumb.php’ is closed to new replies.