Vulnerability Found in the TimThumb script

I just read on the VaultPress blog that they've found a vulnerability in this popular script.

This script ships with a lot of themes, so a vulnerable copy could put your site and your server at risk.

Update

First of all, update to the latest version of the script. Download it here.

Do not allow external

Make sure a line like this appears near the top of the script:

define ('ALLOW_EXTERNAL', FALSE);

Now change from this:

$allowedSites = array (
'flickr.com',
'picasa.com',
'img.youtube.com',
);

To this, just in case:

$allowedSites = array ();

You should be safe now 😉
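To check every copy of the script under a themes directory for those two settings, here is an added shell audit (not code from the post or from the TimThumb project). It assumes the copies are named timthumb.php or thumb.php, keep the define()/array() layout shown above, and carry the script's own define('VERSION', ...) line.

```shell
#!/bin/sh
# Audit TimThumb copies for the two hardening settings recommended in the post:
# ALLOW_EXTERNAL set to FALSE and an empty $allowedSites array.
# Added example; assumes the upstream define()/array() layout quoted above.

# Report one copy: prints "path VERSION=.. ALLOW_EXTERNAL=.. allowedSites=.. verdict=.."
# and returns 0 only when both settings are in place.
timthumb_check_file() {
    f="$1"
    # Version string from the script's own define('VERSION', ...), if present.
    ver=$(grep -oE "define *\( *'VERSION' *, *'[^']*'" "$f" | head -n 1 | sed "s/.*, *'//; s/'$//")
    [ -n "$ver" ] || ver=unknown
    ext=$(grep -oiE "define *\( *'ALLOW_EXTERNAL' *, *(TRUE|FALSE)" "$f" | head -n 1 \
          | grep -oiE '(TRUE|FALSE)$' | tr '[:lower:]' '[:upper:]')
    [ -n "$ext" ] || ext=UNSET
    # Join the multi-line array, strip whitespace, and compare with the empty form.
    arr=$(tr -d '\n\r' < "$f" | grep -oE '\$allowedSites *= *array *\([^)]*\)' | head -n 1 | tr -d ' \t')
    case "$arr" in
        '')                      sites=UNSET ;;
        '$allowedSites=array()') sites=EMPTY ;;
        *)                       sites=NONEMPTY ;;
    esac
    verdict=REVIEW
    [ "$ext" = FALSE ] && [ "$sites" = EMPTY ] && verdict=OK
    printf '%s VERSION=%s ALLOW_EXTERNAL=%s allowedSites=%s verdict=%s\n' \
        "$f" "$ver" "$ext" "$sites" "$verdict"
    [ "$verdict" = OK ]
}

# Walk a themes tree; the script usually ships as timthumb.php or thumb.php.
# Returns 1 if any copy still needs attention.
timthumb_audit() {
    list=$(find "$1" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \))
    status=0
    oldifs=$IFS
    IFS='
'
    set -f   # paths may contain glob characters; do not expand them
    for f in $list; do
        timthumb_check_file "$f" || status=1
    done
    set +f
    IFS=$oldifs
    return $status
}
```

Run it as `timthumb_audit wp-content/themes`; a non-zero exit means at least one copy reported verdict=REVIEW.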

About Rick

Senior Front-end Software Engineer from Barcelona, Haidong Gumdo Instructor (korean martial art of the sword), street photographer, travel lover, TV addict, Boston Red Sox fan, and privacy advocate.
