According to a report, thousands of WordPress installations are at risk of being compromised because of a critical vulnerability in a popular third-party image manipulation script called TimThumb. The affected image utility is not part of the main WordPress package, but is incorporated in many popular WordPress themes. The script consists of a single file called timthumb.php and facilitates on-the-fly image cropping, zooming and resizing.
Timthumb defines a white list of remote domain names from which images can be fetched by default, which include popular image hosting web sites like Flickr.com, Picasa.com, Blogger.com, WordPress.com, Photobucket.com and others.
However, the script fails to validate these domain names properly: it accepts any URL that merely contains one of the whitelisted names, so files can be fetched from hostile hosts whose URLs include those strings. For example, files from http://flickr.com.maliciousdomain.com are accepted because flickr.com appears in the URL, even though it is not the actual domain name.
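To make the flaw concrete, here is an added illustration (not TimThumb's own code) of a substring-style whitelist check of the kind the article describes, beside a hardened check that parses the URL and compares the real host name. The allow list is constructed from the hosts the article names and is not the script's actual list.

```python
from urllib.parse import urlparse

# Constructed allow list for illustration; the exact list in timthumb.php
# is not reproduced here.
ALLOWED_HOSTS = ("flickr.com", "picasa.com", "blogger.com",
                 "wordpress.com", "photobucket.com")


def naive_allows(url: str) -> bool:
    """Substring check of the kind the article describes: a URL passes if an
    allowed name appears anywhere in it, so flickr.com.maliciousdomain.com
    or notflickr.com are accepted just as readily as flickr.com."""
    return any(allowed in url for allowed in ALLOWED_HOSTS)


def strict_allows(url: str) -> bool:
    """Hardened check: parse the URL, restrict the scheme, and compare the
    actual host. A host is accepted only if it equals an allowed domain or
    is a subdomain of one; the leading dot enforces the label boundary."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname is lower-cased and has any userinfo ("user@") and port
    # removed, so "http://flickr.com@evil.example/" resolves to evil.example.
    host = parts.hostname
    if not host:
        return False
    host = host.rstrip(".")  # normalise a trailing dot (absolute FQDN form)
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)
```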
Continue reading @theinquirer.net