Not sure if any of the plugins or themes you have installed within your WP-Content directory contain the outdated version of TimThumb? Good news, there is a simple plugin that not only scans your content directory for the outdated version of the script, but also provides a link to quickly upgrade to the newer version. After installation, you’ll find the options page within the Tools menu. After running the scan on WPTavern for the first time, these were my results:
This plugin is especially useful to those who have more than a few themes or an abundant number of plugins installed, as it checks the entire contents of the WP-Content directory. According to a post within the plugin's support forum, it has not gone through specific testing with WordPress Multi-Site, but the author sees no reason why it wouldn’t work.
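A rough command-line counterpart to the scan described above, as an added example that is not the plugin's own code: it lists every timthumb.php below a directory with its declared version and flags copies older than a minimum version you supply. It assumes each copy declares its version as `define ('VERSION', '…');` and that GNU `sort -V` is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the version of every timthumb.php below a directory.
# Assumptions: each copy declares its version as define ('VERSION', 'x.y');
# MIN_VERSION is supplied by the operator; sort -V (GNU coreutils) is available.

# Print the declared version of file $1, or "unknown" if none is found.
timthumb_version() {
    tt_v=$(sed -nE "s/.*define[[:space:]]*\([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]([0-9][0-9.]*)['\"].*/\1/p" "$1" | head -n 1)
    printf '%s\n' "${tt_v:-unknown}"
}

# Succeed when version $1 sorts strictly below version $2.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# scan_timthumb DIR MIN_VERSION
# Prints "STATUS<TAB>VERSION<TAB>PATH" per copy; returns 1 if any copy is
# OUTDATED or UNKNOWN. Paths containing newlines are not supported.
scan_timthumb() {
    tt_rc=0
    tt_files=$(find "$1" -type f -name 'timthumb.php' | sort)
    while IFS= read -r tt_f; do
        [ -n "$tt_f" ] || continue
        tt_ver=$(timthumb_version "$tt_f")
        if [ "$tt_ver" = unknown ]; then tt_status=UNKNOWN; tt_rc=1
        elif version_lt "$tt_ver" "$2"; then tt_status=OUTDATED; tt_rc=1
        else tt_status=OK
        fi
        printf '%s\t%s\t%s\n' "$tt_status" "$tt_ver" "$tt_f"
    done <<EOF
$tt_files
EOF
    return "$tt_rc"
}
```

Run it as `scan_timthumb wp-content MIN_VERSION`; a copy reported as UNKNOWN has no recognisable version line and should be inspected by hand.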
Nice one ;)
I had a client who had a large number of themes which used timthumb; he wanted a faster way to update each one.
Here is a little shell script that will do it.
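#!/usr/bin/env bash
# Fetch the current timthumb.php once; stop if the download fails so an empty file is never copied over existing scripts.
wget -q -O ~/newtim.php http://timthumb.googlecode.com/svn/trunk/timthumb.php || { rm -f ~/newtim.php; exit 1; }
# Overwrite every timthumb.php below the current directory; the path is passed as $1 instead of being spliced into the command string.
find . -name "timthumb.php" -exec bash -c 'echo "patching $1" && cp ~/newtim.php "$1"' _ {} \;
rm ~/newtim.php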
Sweet, no vulnerabilities found.
Thanks, seems my site is okay. Actually thought it was open to attack!!
Good, I’m clean also. Nice to have another “health” plugin like this one, especially for those DIY WordPress-powered sites that have some age on them. Too bad we don’t have plugins like this for their owners’ health as well. ;-)
I found that the CPanel Filemanager search was a very useful way of finding the files as well.
We run a fairly large multisite install and this plugin will allow clients to see each other's timthumb scripts (and fix them!). This may or may not be a big issue, but I can see how it could cause some disruption.
What we did was install the Restrict Multisite Plugins plugin and this will allow you to restrict the install of the Timthumb Scanner plugin on your parent site only, so then none of your clients will see it.
Just thought I’d throw that out there for any multisite users.