WordPress blog security put at risk by a third-party script


According to a report, thousands of WordPress installations are at risk of being compromised because of a critical vulnerability in a popular third-party image manipulation script called timthumb.

The affected image utility is not part of the main WordPress package, but is incorporated in many popular WordPress themes. The script consists of a single file called timthumb.php and facilitates on-the-fly image cropping, zooming and resizing.

Timthumb defines a whitelist of remote domain names from which images can be fetched by default. The list includes popular image hosting websites such as Flickr.com, Picasa.com, Blogger.com, WordPress.com, Photobucket.com and others.

However, the script fails to validate these domain names properly, so it will fetch files from malicious hosts whose URLs merely contain those strings. For example, files from http://flickr.com.maliciousdomain.com are accepted because flickr.com appears in the URL, even though it is not the actual domain name.
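The validation flaw described above, shown next to a stricter host check. This is an added example, not timthumb's own code: the function names are hypothetical, the substring check is a reconstruction of the behaviour the article describes, and the sample URLs are constructed.

```php
<?php
// Added example; not timthumb's source. Function names are hypothetical.
// Allowed hosts are the ones named in the article.
const ALLOWED_HOSTS = ['flickr.com', 'picasa.com', 'blogger.com', 'wordpress.com', 'photobucket.com'];

// Flawed: accepts the URL if an allowed name appears anywhere in it.
function is_allowed_substring(string $url): bool
{
    foreach (ALLOWED_HOSTS as $allowed) {
        if (stripos($url, $allowed) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened: parse the URL, then require the host to equal an allowed name
// or end with "." + that name, so the match falls on a label boundary.
function is_allowed_host(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = rtrim(strtolower($parts['host']), '.');
    foreach (ALLOWED_HOSTS as $allowed) {
        $suffix = '.' . $allowed;
        if ($host === $allowed || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs: two legitimate, three that only contain the string.
$samples = [
    'http://flickr.com/photos/a.jpg',
    'http://farm1.static.flickr.com/a.jpg',
    'http://flickr.com.maliciousdomain.com/a.php',
    'http://maliciousdomain.com/flickr.com/a.php',
    'http://notflickr.com/a.jpg',
];
foreach ($samples as $url) {
    printf("%-46s substring=%-6s host=%s\n", $url,
        is_allowed_substring($url) ? 'accept' : 'reject',
        is_allowed_host($url) ? 'accept' : 'reject');
}
```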

Continue reading @theinquirer.net

On Wednesday, August 3rd, 2011 | Under News, Security

