We recently contacted VaultPress customers who were affected by the TimThumb image library vulnerability with instructions on how to secure their sites. As previously noted, the vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory, compromising your entire WordPress site.
After some additional work, we’ve gone ahead and fixed the vulnerability for most of the affected VaultPress customers who haven’t yet updated their sites. In total, we’ve fixed 712 copies of the script across our customers’ sites. We’ve emailed all affected customers detailing what we fixed and whether any additional cleaning still needs to be done.
We provide services like this to sites under our care because keeping sites safe and secure is something that we’re passionate about. We like to think that each of the 712 files we fixed helps make the Internet that much better a place.
Please refer to our instructions for updating TimThumb if you must continue to use it on your site. Customers can also contact the VaultPress Safekeepers directly from the VaultPress dashboard for help.