TimThumb Security Vulnerability Affects Many WordPress Themes and Plugins

Zero-Day Vulnerability
Getting WordPress Hacked!

This is just yuck kinda news. It affects not only a ton of WP sites but also a lot of static sites as well.

According to Mark Maunder, a developer who first located the timthumb.php vulnerability being exploited (his site was hacked), “An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it.”

The file is TimThumb.php, but some themes and plugins have renamed it to Thumb.php (though not every thumb.php file is secretly timthumb.php).

While most are saying this is a “theme issue”, a search of my backups yields the affected file present not only in a large number of themes but also in certain shopping cart plugins, thumbnail plugins, slider plugins and more (pretty much any plugin that even looks at an image sideways may be affected).

Checking only the active theme is not good enough. You can be impacted even if the plugin or theme containing the file is not active or activated. So simply having an affected theme or plugin installed, even if you are not using it, is too dangerous.

The developer who discovered the hack has since started recoding the script, but that will not magically fix what is on your site.

Here is a VERY partial list of themes affected by the timthumb.php vulnerability.

What we know so far: fixes are available for some of the WooThemes themes and for some of the ElegantThemes themes. Thesis, and now Genesis, claim (and may well be right) to be using an already modified version of the code that is not affected. We also know that all VaultPress subscribers were auto-patched by the Automattic team.

To check whether your themes carry the troublesome TimThumb.php file (the same works for plugins, just use the plugin editor), from your admin Dashboard click on “Appearance”, then select “Editor” in the sub-menu. In the theme drop-down box at the upper right, select each individual theme in turn and look at the list of files on the right.

If you see Timthumb.php there, you’ll want to either delete it (make a copy first) or confirm that the copy you have is the latest, secured version. Alternatively, you could contact your theme’s developer and ask them if they have an update.

To check for the file in your plugins, follow the same steps, only going Dashboard, then “Plugins”, then “Editor”, and then selecting each individual plugin in the drop-down box at the upper right and looking at its file list.

(Experienced user? The fastest way to check for the file anywhere it could be hiding is to download a copy of your hosting account (all sites, even non-wp ones) to your local computer and then do a file search for the files.)
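For the experienced-user path above, here is an added example (not from the original post) that searches a downloaded copy of the hosting account. It reports files literally named timthumb.php and, because renamed copies such as thumb.php exist, also any other .php file whose contents mention TimThumb; that content-match string is an assumption, not something the post specifies.

```shell
# Added example: scan a local copy of a hosting account for TimThumb copies.
# Assumption: a genuine copy can be recognised by the string "timthumb"
# appearing in the file contents (case-insensitive). The filename alone is
# not reliable, since not every thumb.php is a renamed timthumb.php.

# find_timthumb DIR
# Prints one line per suspect file: "<reason>\t<path>".
#   by-name    : a file literally called timthumb.php
#   by-content : any other .php file whose contents mention timthumb
find_timthumb() {
    dir="$1"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f -iname 'timthumb.php' -print | while IFS= read -r f; do
        printf 'by-name\t%s\n' "$f"
    done
    find "$dir" -type f -iname '*.php' ! -iname 'timthumb.php' -print |
    while IFS= read -r f; do
        if grep -qi 'timthumb' "$f"; then
            printf 'by-content\t%s\n' "$f"
        fi
    done
}

# count_timthumb DIR : number of suspect files (0 means nothing found).
count_timthumb() {
    find_timthumb "$1" | wc -l | tr -d ' '
}

# Constructed sample tree mirroring the post's point: the file hides in an
# INACTIVE theme and in a plugin that has renamed it; a third thumb.php is
# an unrelated helper and must not be reported.
make_sample_tree() {
    root="$1"
    mkdir -p "$root/wp-content/themes/inactive-theme/scripts" \
             "$root/wp-content/plugins/slider/lib" \
             "$root/wp-content/plugins/gallery"
    printf '<?php /* TimThumb script (constructed sample) */\n' \
        > "$root/wp-content/themes/inactive-theme/scripts/timthumb.php"
    printf '<?php /* TimThumb resizer, renamed (constructed sample) */\n' \
        > "$root/wp-content/plugins/slider/lib/thumb.php"
    printf '<?php /* unrelated thumbnail helper (constructed sample) */\n' \
        > "$root/wp-content/plugins/gallery/thumb.php"
}

# Usage on a real download:  find_timthumb ~/Downloads/my-hosting-account
```

Run `make_sample_tree /tmp/wpscan && find_timthumb /tmp/wpscan` to see the two suspect files reported and the unrelated thumb.php left out.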

Regardless of the theme you’re using, look for updates immediately. Contact your developer/designer if you have a support contract. If your theme is using timthumb.php, it’s essential you get patched NOW even if your theme has no official support to do it for you. (Switching to a default WP theme like Twenty Ten or Twenty Eleven will temporarily put you in a safe zone.)

This is one of those times when having paid for a premium theme – with access to that theme’s support forum – is going to pay off for you, as many on free themes are “on their own” for this one. Please remember you have to check for it in all themes AND all plugins; checking only your active theme is not enough.

Contact me if you wish to open a support ticket for assistance with your site.

Kimberly Castleberry
Your Partner In Online Success

PS: Want to learn more about how to secure WordPress against most hacking and malware attacks? Click here to learn how to defend your blog or WordPress site!

PS: If your site has unfortunately already been hacked (which may or may not be obvious to you), learn more here about fixing a site affected by hacking or malware.


52 Comments on "TimThumb Security Vulnerability Affects Many WordPress Themes and Plugins"


Guest
TrafficColeman
3 years 9 months ago

Wow..thanks for the heads up..I will take a look at some of my niche sites and see if I can find it.

“Black Seo Guy “Signing Off”

Guest
Kayla Javier
3 years 9 months ago

Great post, I would love to come back here and check for updates, I’ll probably share this with my friends.

Guest
3 years 9 months ago

Once again you are out there protecting us from the idiots who spend time making up these viruses. Why they do this is beyond me but I can also depend on you as a great resource for keeping my site safe.

Guest
3 years 9 months ago

Kimberly, holy cow, I hadn’t heard of this vulnerability before. I have dozens of WP sites as well as building them for clients. This is a GREAT bit of info; I’m very appreciative. Thanks so much!

Guest
3 years 9 months ago

Kimberly,
Very helpful information but I do not even know how to check if I do have this timthumb.php. What are the signs that a blog site has been hacked?
Erica

Guest
3 years 9 months ago

Erica… the post mentions how to check this out….

To check if your theme carries the troublesome TimThumb.php file (similar works for plugins, just use the plugin editor), from your admin Dashboard, click on “Appearance”, then select (in the sub-menu) “Editor”. In the theme drop-down box at the upper right, select your current theme and then look at the list of files you have on the right.

If you see Timthumb.php there, you’ll want to either delete it (make a copy first) or check on the status of the program being secure with the latest update. Alternatively, you could contact your theme’s developer and ask them if they have an update.

I’m going to check mine now… fingers crossed… Thanks Kim :o)