

    Just received a message from my web host about timthumb.php vulnerability. Is there something that Habitat users need to do to patch or update our sites? I am a definite newbie when it comes to messing with the base code, btw.



    Are you running the latest version of the theme? Kriesi released a timthumb update just a few days ago. The update can be downloaded on themeforest.


    I purchased in May 2011; I think I’m running version 1.1.1. To update, do I just download the ‘current’ theme from Themeforest and replace the theme on WordPress? Will I have to rebuild the site again?


    When you download the updated version there’s a version.rtf file which tells you what has been updated so you can replace the files in question. However, you can just replace the entire theme without your settings being lost, since they’re stored in the database, which remains untouched.


    Will I have to “purchase” the theme again?


    No, all updates are free.


    Well, for the time-being then, I guess this is an issue for me to figure out with Themeforest, because I don’t see any option on that site to download an ‘update.’ My only options appear to be downloading the old theme or purchasing the theme. There is no ‘update’ indicated anywhere…Can you verify that there is, in fact, an update there?

    When I figure this first step out, I’ll come back. Thanks.


    BTW, when I download the ‘previously purchased’ theme, the files are identical to what I purchased in May…including the .rtf file. So it looks like maybe it hasn’t been updated recently?



    Sorry about that – I must have misread the dates of all the recently updated files. Recently a timthumb vulnerability has come up and it has been patched; it seems it wasn’t for Habitat. I’ll mail Kriesi about the fix.

    Again, excuse me for the delay/misinformation.


    Hey! Habitat no longer uses the timthumb script; it instead relies on the natural WordPress resizing. I would suggest simply deleting it from the theme folder. I will release an update for the themes that don’t rely on it but have a copy of the file in the theme folder next week ;)


    Hey guys, just to let you know: the timthumb.php is still in the theme version on themeforest and it is definitely the old and hacked version, last updated on 17th of March 2011 – before the fix. Please update asap.


    Thanks for letting us know, I’ll contact Kriesi about it.



    Our site has recently been hacked. Can I confirm with you that I can simply delete the timthumb.php file and this won’t break anything? I am using Display and Newscast.



    You can delete timthumb.php for Newscast (if you’re using the latest theme version). As far as I know Display requires timthumb, but the latest theme version (v.2.0.3) comes with the updated timthumb script which is secure.
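The two questions the thread keeps circling back to are "is the copy of timthumb.php in my theme the old one?" (the 17th of March 2011 post above) and "is anything in the theme actually using it, so can I delete it?" (the Habitat and Newscast answers). The script below is an added example written for this page, not something from the thread, from Kriesi, or from the TimThumb project. It assumes two things: that TimThumb declares its version with a line of the form `define ('VERSION', 'x.y.z');`, and that `FIXED_VERSION` (set to 2.8.10 here as an assumption; change it to whatever version your host's advisory names) is the first release with the fix. The sample theme tree it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Audit a WordPress tree for bundled copies of TimThumb (shipped as
# timthumb.php or thumb.php), report each copy's declared version, whether it
# predates the assumed fixed release, and how many other PHP files in the tree
# mention it (zero references = safe to delete, as the Habitat answer suggests).

# ASSUMPTION: first TimThumb release that carries the fix.
FIXED_VERSION="2.8.10"

# version_lt A B : succeed if dotted version A is older than dotted version B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            yb = (i <= nb) ? y[i] + 0 : 0
            if (xa < yb) exit 0
            if (xa > yb) exit 1
        }
        exit 1
    }'
}

# timthumb_version FILE : print the version from  define ('VERSION', '...');
# (ASSUMPTION about the file format); prints nothing if no such line exists.
timthumb_version() {
    sed -n "s/^[[:space:]]*define[[:space:]]*([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]\([0-9.]*\)['\"].*/\1/p" "$1" | head -n 1
}

# audit_timthumb ROOT : one tab-separated line per copy found:
#   STATUS  VERSION  REFERENCING_FILES  PATH
# STATUS is VULNERABLE (older than FIXED_VERSION), PATCHED, or UNKNOWN (no
# version line, e.g. a renamed or modified copy that deserves a manual look).
# REFERENCING_FILES is a heuristic: other .php files containing the basename.
audit_timthumb() {
    root=$1
    find "$root" -type f \( -name timthumb.php -o -name thumb.php \) | while IFS= read -r f; do
        v=$(timthumb_version "$f")
        refs=$(find "$root" -type f -name '*.php' ! -path "$f" \
                   -exec grep -lF "$(basename "$f")" {} + | wc -l | tr -d ' ')
        if [ -z "$v" ]; then
            status=UNKNOWN
        elif version_lt "$v" "$FIXED_VERSION"; then
            status=VULNERABLE
        else
            status=PATCHED
        fi
        printf '%s\t%s\t%s\t%s\n' "$status" "${v:-?}" "$refs" "$f"
    done
}

# vulnerable_count ROOT : number of copies flagged VULNERABLE (prints 0 if none).
vulnerable_count() {
    audit_timthumb "$1" | grep -c '^VULNERABLE' || true
}

# Usage: audit_timthumb /var/www/html/wp-content/themes
```

Run it against `wp-content/themes` (and `wp-content/plugins`, since plugins bundled the script too). A PATCHED copy with references is the Display case: keep it. A VULNERABLE or UNKNOWN copy with zero references is the Habitat and Newscast case: delete it. A VULNERABLE copy that is referenced needs the updated theme from the author, not just deletion.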


The topic ‘Timthumb Vulnerability on Habitat’ is closed to new replies.