Tim Thumb…No Not a Fairy Tale
Posted March 16th, 2012 by Daniel Trimpey.
If you run a WordPress website, especially one built on a pre-made template, there is a good chance that your theme uses the timthumb.php script to resize images. That script was found to be exploitable several months ago, and updates have been released to patch the file, but many site owners don’t know how to apply them, or even that they need to.
Enter the Timthumb Vulnerability Scanner. This is a free plugin for WordPress that will scan your site to see if you are using an outdated version of the timthumb.php file and if so, fix it for you.
If you host with Page Progressive, we have already scanned our server and patched any old timthumb.php files. If you host elsewhere, your host may not have scanned for it, so you should check your own site to make sure you are not vulnerable. An unpatched copy can get your site hacked and used to distribute malware through it, and that will ruin just about anyone’s day.
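One way to do that check yourself from the server side, written here as an added example rather than the post's own material or the Timthumb Vulnerability Scanner plugin's code: walk the WordPress directory, pick out files that look like copies of timthumb.php (by filename or banner text, an assumed heuristic), read the version the script declares in its `define ('VERSION', ...)` line (an assumed pattern), and flag anything below a minimum version. The minimum is a placeholder you set from the vendor's advisory; the post names no version number, and the sample theme files are constructed for the demo.

```python
"""Added example: find copies of timthumb.php under a web root and flag
outdated versions. Not the Timthumb Vulnerability Scanner plugin's code."""
import re
import tempfile
from pathlib import Path

# Assumption (not from the post): TimThumb 2.x declares its version with a
# PHP define of the form  define ('VERSION', '2.8.10');
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9]+(?:\.[0-9]+)*)['\"]\s*\)"
)
# Assumption: a copy is recognised by its filename or by banner text near the top.
NAME_HINTS = {"timthumb.php", "thumb.php"}
BANNER_HINT = "timthumb"
# Placeholder: set this from the vendor's advisory; the post names no version.
MIN_SAFE_VERSION = (2, 8, 10)


def parse_version(text):
    """Return the declared VERSION as a zero-padded 3-tuple, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def looks_like_timthumb(path, text):
    """Heuristic: matching filename or banner text in the first 2000 characters."""
    return path.name.lower() in NAME_HINTS or BANNER_HINT in text[:2000].lower()


def classify(text, min_safe=MIN_SAFE_VERSION):
    """Map a file's PHP source to 'outdated', 'ok' or 'unknown-version'."""
    version = parse_version(text)
    if version is None:
        return "unknown-version"  # renamed or stripped copy: needs a manual look
    return "outdated" if version < min_safe else "ok"


def scan(root, min_safe=MIN_SAFE_VERSION):
    """Walk root and return (relative path, status) for every TimThumb-like .php file."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole scan
        if looks_like_timthumb(path, text):
            findings.append((str(path.relative_to(root)), classify(text, min_safe)))
    return findings


# Constructed sample files standing in for a WordPress themes directory.
SAMPLES = {
    "themes/old/timthumb.php": "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.33');\n",
    "themes/new/timthumb.php": "<?php\n/* TimThumb script */\ndefine ('VERSION', '2.8.10');\n",
    "themes/other/thumb.php": "<?php\n// renamed copy with the VERSION line removed\n",
    "themes/other/functions.php": "<?php\n// ordinary theme file, not a thumbnailer\n",
}


def demo():
    """Write the constructed samples to a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan(root)


if __name__ == "__main__":
    for rel_path, status in demo():
        print(f"{status:16} {rel_path}")
```

Run it as `python timthumb_check.py` to see the demo, or call `scan("/path/to/wp-content")` against a real install. Anything reported as `outdated` should be replaced with the current script, and `unknown-version` hits deserve a manual look, since themes often ship renamed copies that a filename-only search would miss.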