tech

Important security note for WordPress users

There’s a vulnerability in a piece of software called timthumb.php that is used by some self-hosted WordPress themes and plugins for image manipulation (not WordPress.com.)

If you have shell access to your web server, go to your web root directory and run:

find -name timthumb.php

(If you can’t do it through the shell, check your hosting control panel’s file manager for a search function or ask your host to run the search for you.)

If you find timthumb on your server, figure out what plugins/themes use it and delete them for now. (I found that WP Featured Content Slider and Featured Post with thumbnail are among the affected plugins.) If removal isn’t an option, get a developer who knows their way around WordPress to safely delete the timthumb library without breaking the rest of your site.

Find full technical details at Zero Day Vulnerability in many WordPress Themes | mm.