712 Fewer Vulnerable TimThumb Scripts in Existence

We recently contacted VaultPress customers who were affected by the TimThumb image library vulnerability with instructions on how to secure their sites. As previously noted, the vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory, compromising your entire WordPress site.

After some additional work, we’ve gone ahead and fixed the vulnerability for most of the affected VaultPress customers who haven’t yet updated their sites. We’ve fixed 712 copies of the script across our customers’ sites. We’ve sent out emails to all affected customers detailing what we fixed, and if there is additional cleaning that still needs to be done.

We provide services like this to sites under our care because keeping sites safe and secure is something that we’re passionate about. We like to think that each of the 712 files we fixed helps make the Internet that much better of a place.

Please refer to our instructions for updating TimThumb if you must continue to use it on your site. Customers can also contact the VaultPress Safekeepers directly for help from the VaultPress dashboard.
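Site owners who want to check their own installs for the problem described above can do so with a short audit script. The following is an added example, not VaultPress code and not part of the original post; it assumes the script is deployed as `timthumb.php` and that its cache directory is a sibling folder named `cache` (both assumptions, since the post names neither). It walks a WordPress tree, lists every copy of the script, and flags any file in a copy's cache directory that carries a PHP open tag, which is the indicator of compromise the post describes: PHP code sitting where only cached images belong. The fixture it builds is constructed inline so the example runs offline.

```python
"""Audit a WordPress tree for TimThumb copies and PHP code in their cache directories.

Added example (not VaultPress code). Assumptions: the script file is named
timthumb.php and its cache directory is a sibling directory named "cache".
"""
import os
import re
import tempfile

SCRIPT_NAME = "timthumb.php"   # assumed deployment name
CACHE_DIR_NAME = "cache"       # assumed cache directory name

# A PHP open tag anywhere in a cache file is the signal: cached images should
# never contain one. Matches "<?php" and the short echo tag "<?=".
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def find_timthumb_copies(root):
    """Return sorted paths of every timthumb.php under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == SCRIPT_NAME:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def php_files_in_cache(script_path):
    """Return sorted paths of cache files (next to one script copy) that contain a PHP tag."""
    cache = os.path.join(os.path.dirname(script_path), CACHE_DIR_NAME)
    flagged = []
    if not os.path.isdir(cache):
        return flagged
    for dirpath, _dirs, files in os.walk(cache):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(64 * 1024)  # a tag near the start is what matters
            if PHP_TAG.search(head):
                flagged.append(path)
    return sorted(flagged)


def audit(root):
    """Map each script copy to the list of suspicious files in its cache directory."""
    return {script: php_files_in_cache(script) for script in find_timthumb_copies(root)}


def build_sample_site():
    """Constructed fixture: two theme copies of the script, one with a PHP payload in its cache."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    clean = os.path.join(root, "wp-content", "themes", "alpha", "scripts")
    dirty = os.path.join(root, "wp-content", "themes", "beta")
    for theme_dir in (clean, dirty):
        os.makedirs(os.path.join(theme_dir, CACHE_DIR_NAME))
        with open(os.path.join(theme_dir, SCRIPT_NAME), "wb") as fh:
            fh.write(b"<?php\n// placeholder standing in for the real script\n")
    # Legitimate cached image: JPEG magic bytes and no PHP tag.
    with open(os.path.join(clean, CACHE_DIR_NAME, "a1b2c3.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    # Constructed indicator: a "jpeg" in the cache that carries a PHP open tag.
    with open(os.path.join(dirty, CACHE_DIR_NAME, "d4e5f6.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0<?php echo 'placeholder'; ?>")
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for script, bad in audit(site).items():
        status = "CLEAN" if not bad else "SUSPICIOUS: " + ", ".join(bad)
        print(f"{script}: {status}")
```

Run it against a real site with `audit("/path/to/wordpress")`; any script copy that maps to a non-empty list needs the cleanup the post refers to, and every copy it lists, clean or not, is one that should be updated or removed.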

About Demitrious Kelly

:(){ :|:& };: # Boom

7 Responses to 712 Fewer Vulnerable TimThumb Scripts in Existence

  1. Eizil says:

    Just a quick note, maybe you want to look at the new WordThumb created by Mark Maunder based on TimThumb, http://code.google.com/p/wordthumb/

  2. Erlend says:

    I get the feeling there’s a lot of un-coordinated work happening around TimThumb right now. Between you guys, the original TimThumb developer and the new WordThumb fork, a single orchestrated effort could go a long way.

  3. Pingback: TimThumb Updated To Version 2

  4. Pingback: WordThumb project merges with TimThumb, Mullenweg comments | WPCandy

  5. Pingback: Five WordPress Tune-Up Tips for the New Year | WP Apprentice

  6. Pingback: Script Installation Service
