See If You’re Secure With The Timthumb Vulnerability Scanner

Not sure if any of the plugins or themes you have installed within your WP-Content directory contain the outdated version of TimThumb? Good news, there is a simple plugin that not only scans your content directory for the outdated version of the script, but also provides a link to quickly upgrade to the newer version. After installation, you’ll find the options page within the Tools menu. After running the scan on WPTavern for the first time, these were my results:

Clean Scan Reported By ScannerThis plugin is especially useful to those who have more than a few themes or an abundant number of plugins installed as it checks the entire contents of the WP-Content directory.  According to a post within the plugins support forum, it has not gone through specific testing with WordPress Multi-Site but the author sees no reason why it wouldn’t work.


9 responses to “See If You’re Secure With The Timthumb Vulnerability Scanner”

  1. nice one ;)

    i had a client who had a large number of themes which used timthumb he wanted a faster way to update each one.

    here is a little shell script that will do it.

    wget -q -O ~/newtim.php;
    find . -name "timthumb.php" -exec bash -c "echo patching {} && cp ~/newtim.php {}" \;
    rm ~/newtim.php

  2. Good, I’m clean also. Nice to have another “health” plugin like this one especially for those DYI WordPress powered sites that have some age on them. To bad we don’t have plugins like this for their owner’s health as well. ;-)

  3. We run a fairly large multisite install and this plugin will allow clients to see each others timthumb scripts (and fix them!). This may or may not be a big issue, but I can see how it could cause some disruption.

    What we did was install the Restrict Multisite Plugins plugin and this will allow you to restrict the install of the Timthumb Scanner plugin on your parent site only, so then none of your clients will see it.

    Just thought I’d throw that out there for any multisite users.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: