WARNING: Timthumb Zero Day Vulnerability Found

TimThumb Zero Day Vulnerability

A zero day vulnerability has been recently found on TimThumb, a popular image resizing utility widely used in a lot of WordPress themes. This issue was first discovered and reported by Mark Maunder after his blog got hacked via the timthumb.php file/script.

The zero day vulnerability allows malicious users, hackers and other third parties to upload and run PHP code in the timthumb cache directory. When the uploaded PHP code is run and executed, the attacker can do whatever they want with the affected site or blog.

Recommended measures:

If You Use TimThumb
If your current WordPress theme is using timthumb.php, make sure that you update to the latest version and to reglularly check on the official site for updates and announcements.

Aside from updating the TimThumb file there’s another thing you need to do. Open up the timthumb.php or thumb.php file with a text editor and look for this line ALLOW_EXTERNAL and make sure that the value is set to FALSE.

define ('ALLOW_EXTERNAL', FALSE);

Once ALLOW_EXTERNAL is set to FALSE, next thing to do is remove the domains inside the $allowedSites array to ensure that remote file downloading is disabled:

Before
$allowedSites = array (
'flickr.com',
'picasa.com',
'img.youtube.com',
);

After
$allowedSites = array ();

If You Do Not Use TimThumb
If you don’t use or need timthumb.php but have other WordPress themes stored in your wp-content/themes folder that uses timthumb.php, it is recommended that the thumb.php file or even the entire theme or plugin folder be deleted/removed from your web server.

The theme I’m using here on JaypeeOnline – FreshNews by WooThemes uses TimThumb. After reading about this vulnerability, I immediately removed the thumb.php file and replaced it with an updated one. I was worried that I was using a very old version of the plugin and that upgrading might mess up my blog but after the upgrade, I checked all the thumbnails and everything seems to be working fine. I also removed everything related to the old version of TimThumb and cleared the cache.

If you want to know more about the zero day vulnerability, how it was discovered and other additional info, check out Mark Maunder’s blog post.

This post may contain affiliate links that allow us to earn commissions at no additional cost to you. We are reader-supported so when you buy through the affiliate links, you are also helping or supporting us. 

7 Comments

    1. @John – It’s good that you checked and found out your theme uses TimThumb. We really need to be careful these days as hackers and other malicious users are getting more clever and finding new ways to do their stuff. You’re welcome! Glad I could share this with you and other WordPress users.

    1. @jehzlau – Good for you. However, there are tons of WordPress themes out there (both free and premium) that use the TimThumb script and millions of users using those themes.

Leave a Reply

Your email address will not be published. Required fields are marked *

JaypeeOnline