Zero-day vulnerability in many WordPress themes

Mark Maunder announced a zero-day vulnerability in many WordPress themes yesterday, here on his blog.

If you use any third-party WordPress themes, you should check your server for the presence of timthumb.php or thumb.php (the TimThumb image-resizing library). It is reported that several theme marketplace websites host common, legitimate themes that bundle this library.

The fix is to empty the list of allowed remote sites in thumb.php or timthumb.php, as shown below.

BEFORE:

$allowedSites = array (
	'flickr.com',
	'picasa.com',
	'blogger.com',
	'wordpress.com',
	'img.youtube.com',
	'upload.wikimedia.org',
	'photobucket.com',
);

AFTER:

$allowedSites = array ();
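To check an installation for the file and the setting described above, here is an added example (not from the original post or from TimThumb itself): a POSIX shell audit that lists every timthumb.php/thumb.php under a WordPress tree and reports whether its $allowedSites array is still non-empty, plus a helper that applies the fix above. It assumes the array is declared with the array(...) syntax shown in the post, and the directory path and file fixtures are hypothetical.

```shell
#!/bin/sh
# Added example: audit and lock down TimThumb copies under a WordPress tree.
# Assumes the files are named timthumb.php or thumb.php (as in the post) and
# that $allowedSites is declared as a PHP array(...) literal, as quoted above.

# Print one line per TimThumb copy found under $1:
#   "<path> OPEN"    - $allowedSites still lists at least one remote host
#   "<path> LOCKED"  - $allowedSites is empty (the fix has been applied)
#   "<path> UNKNOWN" - no $allowedSites declaration found; inspect by hand
audit_timthumb() {
    root="$1"
    find "$root" -type f \( -name timthumb.php -o -name thumb.php \) | while read -r f; do
        # Join the declaration, from "$allowedSites =" up to its closing ");",
        # onto one line; handles both the multi-line and the single-line form.
        decl=$(awk '/[$]allowedSites[[:space:]]*=/ {p=1}
                    p {printf "%s", $0}
                    p && /\);/ {exit}' "$f")
        if [ -z "$decl" ]; then
            echo "$f UNKNOWN"
        elif printf '%s' "$decl" | grep -Eq "['\"][^'\"]+['\"]"; then
            echo "$f OPEN"      # any quoted host name means remote fetch is allowed
        else
            echo "$f LOCKED"
        fi
    done
}

# Replace the $allowedSites declaration in $1 with an empty array, keeping a
# .bak copy of the original so the change can be reviewed or reverted.
lock_timthumb() {
    f="$1"
    cp "$f" "$f.bak"
    awk '/[$]allowedSites[[:space:]]*=/ { print "$allowedSites = array ();"; skip=1 }
         skip && /\);/ { skip=0; next }
         !skip { print }' "$f.bak" > "$f"
}
```

Run audit_timthumb against the web root first; only apply lock_timthumb to copies reported as OPEN, then re-run the audit to confirm they read LOCKED.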

Please read the full technical details at Mark’s blog in the link above.
