
Zero Day WordPress Vulnerability. Check your themes’ timthumb.php and thumb.php.

It’s always scary when you read of zero-day WordPress vulnerabilities, and this is a big one. As described on Mark Maunder’s blog, many themes bundle an image-resizing library called timthumb.php. It will fetch an image from a remote URL if the host looks like one of a few trusted sites (blogger.com, flickr.com and the like), but that check is a loose substring match, so a host such as blogger.com.attacker.example passes it. The fetched file is then written into a web-accessible cache directory, which lets an attacker run code of their choosing on your server.

UPDATE: this check is no longer enough, see below. A quick way to find out if you’re affected is to run a locate command, e.g.:

[tom@daisy ~]$ locate timthumb

This showed that two separate themes – one premium, one free – use this library on my server. (Bear in mind that locate reads a periodically rebuilt index, so run updatedb first, or use find / -name 'timthumb.php' if you want a live search.) Fortunately, the instructions on Mark’s blog make this easy to fix.

Check your servers now before it’s too late.

UPDATE: I have discovered that the file is sometimes renamed, e.g. to thumb.php, while still being TimThumb inside, so searching by filename alone misses copies. Searching file contents for the library’s own name catches these (add -il to grep if you only want a case-insensitive list of the matching files):

[root@daisy www]# cd /var/www

[root@daisy www]# grep TimThumb * -r

Scary stuff.
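As an added example (not code from the original post, nor from TimThumb’s authors), the following script combines both checks: it finds PHP files under a web root whose contents mention TimThumb, regardless of filename, and reports the VERSION constant each one declares so you can see which copies still need upgrading. It assumes TimThumb declares its version with a line shaped like define ('VERSION', '1.33'); and that the August 2011 rewrite, version 2.0, is the first release that closes this hole, so anything below 2.0 (or with no recognisable version) is flagged. The sample theme directory it scans is constructed inline.

```shell
#!/bin/sh
# Added example, not part of the original post or of TimThumb itself.
# Finds every copy of TimThumb under a web root by file contents (so renamed
# copies such as thumb.php are caught) and reports the VERSION each declares.
# Assumption: TimThumb carries a line shaped like   define ('VERSION', '1.33');
# and releases below 2.0 are the ones that need upgrading.

# Print the VERSION constant declared in a PHP file, or "unknown".
timthumb_version() {
    ver=$(sed -n -E \
        "s/.*define[[:space:]]*\([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]([^'\"]+)['\"].*/\1/p" \
        "$1" | head -n 1)
    printf '%s\n' "${ver:-unknown}"
}

# True (exit 0) when a version string should be flagged: major version < 2,
# or no parseable version at all (unknown copies are treated as suspect).
needs_upgrade() {
    major="${1%%.*}"
    case "$major" in
        ''|*[!0-9]*) return 0 ;;
    esac
    [ "$major" -lt 2 ]
}

# Walk a web root and emit one tab-separated line per matching file:
#   <path> <version> <UPGRADE|ok>
scan_timthumb() {
    find "$1" -type f -name '*.php' -exec grep -il 'timthumb' {} + 2>/dev/null |
    while IFS= read -r f; do
        ver=$(timthumb_version "$f")
        if needs_upgrade "$ver"; then status=UPGRADE; else status=ok; fi
        printf '%s\t%s\t%s\n' "$f" "$ver" "$status"
    done
}

# Constructed sample web root: two old copies (one renamed to thumb.php),
# one current copy, and an unrelated theme file. Prints the directory created.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/theme-a" "$d/theme-b" "$d/theme-c" "$d/theme-d"
    printf '%s\n' '<?php' '// constructed sample: TimThumb script' \
        "define ('VERSION', '1.33');" > "$d/theme-a/timthumb.php"
    printf '%s\n' '<?php' '// constructed sample: TimThumb script, renamed file' \
        "define ('VERSION', '1.19');" > "$d/theme-b/thumb.php"
    printf '%s\n' '<?php' '// constructed sample: TimThumb script' \
        "define('VERSION', '2.8.14');" > "$d/theme-c/timthumb.php"
    printf '%s\n' '<?php' '// constructed sample: ordinary theme file' \
        'function my_theme_setup() {}' > "$d/theme-d/functions.php"
    printf '%s\n' "$d"
}

# Usage: sh scan.sh /var/www   (with no argument, scans the constructed sample)
scan_timthumb "${1:-$(make_fixture)}"
```

On a real web root, files that merely reference the script (a theme’s functions.php pointing at timthumb.php, say) also match the content search; they show up with version "unknown" and are flagged so you look at them by hand rather than silently skipping them.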


Written by Tom

Are you looking for web development or just someone who will work with your business needs and not against them? Get in touch with me here, or take a look at my consultancy’s website: Moo Unlimited. I’m confident I can help you.

Published in Links, Opinion
