See If You’re Secure With The Timthumb Vulnerability Scanner

Not sure if any of the plugins or themes you have installed within your WP-Content directory contain the outdated version of TimThumb? Good news, there is a simple plugin that not only scans your content directory for the outdated version of the script, but also provides a link to quickly upgrade to the newer version. After installation, you’ll find the options page within the Tools menu. After running the scan on WPTavern for the first time, these were my results:

This plugin is especially useful to those who have more than a few themes or an abundant number of plugins installed as it checks the entire contents of the WP-Content directory. According to a post within the plugins support forum, it has not gone through specific testing with WordPress Multi-Site but the author sees no reason why it wouldn’t work.

Category: Plugins

Tags: plugin, security, timthumb

9 responses to “See If You’re Secure With The Timthumb Vulnerability Scanner”

How to protect your WordPress site as hackers exploit TimThumb security hole says:

September 5, 2011 at 2:42 PM

[…] Via WordPress Tavern I’ve learned that a new plugin allows you to scan your WordPress site for the TimThumb […]

Loading…
chrismccoy says:

September 5, 2011 at 2:42 PM

nice one ;)

i had a client who had a large number of themes which used timthumb he wanted a faster way to update each one.

here is a little shell script that will do it.

#!/usr/bin/bash wget -q -O ~/newtim.php http://timthumb.googlecode.com/svn/trunk/timthumb.php; find . -name "timthumb.php" -exec bash -c "echo patching {} && cp ~/newtim.php {}" \; rm ~/newtim.php

Loading…
Miroslav Glavic says:

September 5, 2011 at 3:14 PM

Sweet no vulnerabilities found.

Loading…
Russell says:

September 5, 2011 at 4:20 PM

Thanks, seems my site is okay. Actually thought it was open to attack!!

Loading…
Kirk M says:

September 5, 2011 at 6:06 PM

Good, I’m clean also. Nice to have another “health” plugin like this one especially for those DYI WordPress powered sites that have some age on them. To bad we don’t have plugins like this for their owner’s health as well. ;-)

Loading…
Flick says:

September 5, 2011 at 6:59 PM

I found that the CPanel Filemanager search was a very useful way of finding the files as well.

Loading…
Around the WordPress Community this Week | CS5 Design says:

September 9, 2011 at 10:26 PM

[…] the Timthumb Vulnerability not long ago? WordPress Tavern have stumbled upon A Timthumb Vulnerability Scanner plugin that checks to see if your WordPress is vulnerable. Comments to the post include a simple […]

Loading…
Mike says:

November 1, 2011 at 10:15 AM

We run a fairly large multisite install and this plugin will allow clients to see each others timthumb scripts (and fix them!). This may or may not be a big issue, but I can see how it could cause some disruption.

What we did was install the Restrict Multisite Plugins plugin and this will allow you to restrict the install of the Timthumb Scanner plugin on your parent site only, so then none of your clients will see it.

Just thought I’d throw that out there for any multisite users.

Loading…
WordPress Plugin – TimThumb Vulnerability Scanner | FriedGreenKidneyBeanFriedGreenKidneyBean says:

November 2, 2011 at 6:32 AM

[…] changed the files myself manually on the WordPress websites that I maintain, but I saw a post from WPTavern about a new plugin which took all the trouble out of searching for the files and replacing them. […]

Loading…