WordPress: Disable WebShot in TimThumb


WordPress users running the TimThumb plugin, an image resizer, are vulnerable to exploits that allow attackers to execute malicious code, security firm Sucuri has warned.

The vulnerability affects WordPress sites that have TimThumb installed with the webshot option enabled. While the option is disabled by default, there is currently no patch for the remote-code execution hole. 

WordPress users can check whether their site is vulnerable by opening the TimThumb file in edit mode, searching for the text string "WEBSHOT_ENABLED" and checking whether it is set to true. If so, simply change it to false - and do it now!

When the option is set to true, attackers can create or delete files and execute a variety of commands.
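One way to run the check described above across a whole WordPress install instead of opening each file by hand, as an added example that is not part of the original article or TimThumb's own code. It assumes the setting appears as a PHP define() call; the function names and the sample lines are constructed for illustration.

```python
import os
import re
import sys

# Assumption: the option is set with a PHP define('WEBSHOT_ENABLED', <value>) call.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*([^)]+?)\s*\)""",
    re.IGNORECASE,
)
# Values that switch the option on when used in that position.
TRUTHY = {"true", "1", "'1'", '"1"'}

# Constructed sample lines (not copied from any real site).
SAMPLE = "define ('WEBSHOT_ENABLED', true);\n// define ('WEBSHOT_ENABLED', false);"


def webshot_values(php_source):
    """Return every value assigned to WEBSHOT_ENABLED, skipping commented-out lines."""
    values = []
    for line in php_source.splitlines():
        code = line.split("//", 1)[0]  # drop trailing // comments
        if code.lstrip().startswith(("#", "*", "/*")):
            continue  # whole-line comment or docblock line
        values += [m.group(1).lower() for m in DEFINE_RE.finditer(code)]
    return values


def scan(root):
    """Walk root and return the .php files in which WebShot is switched on."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if any(v in TRUTHY for v in webshot_values(fh.read())):
                    hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for hit in scan(sys.argv[1]):
            print("WEBSHOT_ENABLED is true:", hit)
    else:
        print("sample values:", webshot_values(SAMPLE))
```

Pass the WordPress root directory as the only argument; every file it lists should be edited so the value reads false.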
