WP Tavern

See If You’re Secure With The Timthumb Vulnerability Scanner

Jeff Chandler · · 9 Comments

Not sure if any of the plugins or themes you have installed within your WP-Content directory contain the outdated version of TimThumb? Good news, there is a simple plugin that not only scans your content directory for the outdated version of the script, but also provides a link to quickly upgrade to the newer version. After installation, you’ll find the options page within the Tools menu. After running the scan on WPTavern for the first time, these were my results:

Clean Scan Reported By ScannerThis plugin is especially useful to those who have more than a few themes or an abundant number of plugins installed as it checks the entire contents of the WP-Content directory.  According to a post within the plugins support forum, it has not gone through specific testing with WordPress Multi-Site but the author sees no reason why it wouldn’t work.

9 Comments

  1. How to protect your WordPress site as hackers exploit TimThumb security hole

    […] Via WordPress Tavern I’ve learned that a new plugin allows you to scan your WordPress site for the TimThumb […]

    Report

  2. chrismccoy

    nice one ;)

    i had a client who had a large number of themes which used timthumb he wanted a faster way to update each one.

    here is a little shell script that will do it.

    #!/usr/bin/bash
    wget -q -O ~/newtim.php http://timthumb.googlecode.com/svn/trunk/timthumb.php;
    find . -name "timthumb.php" -exec bash -c "echo patching {} && cp ~/newtim.php {}" \;
    rm ~/newtim.php

    Report

  3. Miroslav Glavic

    Sweet no vulnerabilities found.

    Report

  4. Russell

    Thanks, seems my site is okay. Actually thought it was open to attack!!

    Report

  5. Kirk M

    Good, I’m clean also. Nice to have another “health” plugin like this one especially for those DYI WordPress powered sites that have some age on them. To bad we don’t have plugins like this for their owner’s health as well. ;-)

    Report

  6. Flick

    I found that the CPanel Filemanager search was a very useful way of finding the files as well.

    Report

  7. Around the WordPress Community this Week | CS5 Design

    […] the Timthumb Vulnerability not long ago? WordPress Tavern have stumbled upon A Timthumb Vulnerability Scanner plugin that checks to see if your WordPress is vulnerable. Comments to the post include a simple […]

    Report

  8. Mike

    We run a fairly large multisite install and this plugin will allow clients to see each others timthumb scripts (and fix them!). This may or may not be a big issue, but I can see how it could cause some disruption.

    What we did was install the Restrict Multisite Plugins plugin and this will allow you to restrict the install of the Timthumb Scanner plugin on your parent site only, so then none of your clients will see it.

    Just thought I’d throw that out there for any multisite users.

    Report

  9. WordPress Plugin - TimThumb Vulnerability Scanner | FriedGreenKidneyBeanFriedGreenKidneyBean

    […] changed the files myself manually on the WordPress websites that I maintain, but I saw a post from WPTavern about a new plugin which took all the trouble out of searching for the files and replacing them. […]

    Report

Comments are closed.

%d bloggers like this: