To those using the TimThumb plugin (an image resizing tool for WordPress): it has been reported vulnerable to an attack classified as a remote file inclusion exploit. This is the cause of many defaced WordPress websites. We encourage everyone to install the Timthumb Vulnerability Scanner, which can be downloaded here: http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/. Our concern is not limited to TimThumb alone, so please read the following links on how to secure your themes or plugins, and vigilantly monitor your website(s) for any compromise.

 

 

http://wewatchyourwebsite.com/wordpress/2011/08/timthumb-wordpress-plugin-leads-to-hacked-websites/

http://blog.sucuri.net/2011/08/timthumb-php-vulnerability-not-only-affecting-themes-plugins-too-vslider.html

http://markmaunder.com/2011/08/02/technical-details-and-scripts-of-the-wordpress-timthumb-php-hack/web
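
An inventory check in the spirit of the scanner recommended above, as an added example that is not the plugin's code or part of the original notice: it lists PHP files under a web root that look like TimThumb copies, including renamed ones, with the version each declares. It assumes TimThumb declares its version with `define('VERSION', ...)`; the function names and the minimum-version argument are hypothetical, and the minimum must come from the TimThumb project's advisory, since this notice does not state one.

```python
import os
import re
import sys

# Assumption: TimThumb declares its version as define('VERSION', 'x.y');
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]")
MARKER_RE = re.compile(r"timthumb", re.IGNORECASE)  # finds renamed copies too


def find_timthumb(root):
    """Return sorted (path, version_or_None) for TimThumb copies under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536).decode("utf-8", "replace")
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if not MARKER_RE.search(head):
                continue
            match = VERSION_RE.search(head)
            # Files that only link to timthumb.php carry no VERSION define.
            if match or name.lower() == "timthumb.php":
                hits.append((path, match.group(1) if match else None))
    return sorted(hits)


def older_than(version, minimum):
    """True if version is below minimum; unknown versions count as old."""
    if version is None:
        return True
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return as_tuple(version) < as_tuple(minimum)


if __name__ == "__main__":
    # Usage: script.py WEB_ROOT MINIMUM_VERSION (take the minimum from the
    # TimThumb project's advisory; this page does not state one).
    root, minimum = sys.argv[1], sys.argv[2]
    for path, version in find_timthumb(root):
        flag = "REVIEW" if older_than(version, minimum) else "ok"
        print(f"{flag}\t{version or 'unknown'}\t{path}")
```

Every path it prints is a copy to update or remove, whichever theme or plugin bundled it.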

 

 



Wednesday, February 8, 2012


