Timthumb.php

6 posts from 4 voices

• Started 1 year ago by friendshipping
• Latest reply from Chris Beard
• This topic is not a support question

Tags:

• Security
• timthumb

1. 

   friendshipping
   Member

   Hi. Have you updated the timthumb.php script to the latest since the vulnerability was exposed?

   Posted 1 year ago #
2. 

   Dude
   Dude

   Hey,
   you can delete timthumb.php. It's not required anymore since WP3+. I asked Kriesi to update all themes (basically to upload all theme files without timthumb.php) but it seems like he forgot it.... :-/

   Posted 1 year ago #
3. 

   whatsupmf
   Member

   Agreed, WP has made it clear no themes should use it anymore. I think Kriesi should really do this to make his themes comply. (here's a good overview http://www.themelab.com/2011/08/02/timthumb-security-exploit/ )

   Posted 1 year ago #
4. 

   Dude
   Dude

   As far as I know the latest version of timthumb is considered as secure again :) - however nearly all of our themes use the wp resize function. I think only Levitation and Display require Timthumb and both use the new timthumb script version.

   Posted 1 year ago #
5. 

   whatsupmf
   Member

   Cool. Thanks.

   Posted 1 year ago #
6. 

   Chris Beard
   

   Glad that Dude could help :)

   Posted 1 year ago #

RSS feed for this topic

Reply

You must log in to post.