According to a report, thousands of WordPress installations are at risk of being compromised because of a critical vulnerability in a popular third-party image manipulation script called timthumb.
The affected image utility is not part of the main WordPress package, but is incorporated in many popular WordPress themes. The script consists of a single file called timthumb.php and facilitates on-the-fly image cropping, zooming and resizing.
Timthumb ships with a default white list of remote domain names from which images may be fetched, which includes popular image hosting web sites such as Flickr.com, Picasa.com, Blogger.com, WordPress.com, Photobucket.com and others.
However, the script does not validate these domain names properly: it accepts any URL that merely contains one of the white-listed strings, so files can be fetched from hostile hosts that embed such a string in their name. For example, a file from http://flickr.com.maliciousdomain.com is accepted because flickr.com appears in the URL, even though the actual host is maliciousdomain.com, which is not on the list.
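To make the flaw concrete, here is an added example (not TimThumb's own code, which is PHP, and not from the report) that contrasts a substring-style white-list check with one that parses the URL and compares the real host name. The white list below is constructed for illustration and the helper names are hypothetical; the behaviour it demonstrates is the one described above.

```python
from urllib.parse import urlsplit

# Constructed white list for the example (TimThumb has its own default list).
ALLOWED_SITES = (
    "flickr.com",
    "picasa.com",
    "blogger.com",
    "wordpress.com",
    "photobucket.com",
)


def vulnerable_is_allowed(url: str) -> bool:
    """Substring check: passes any URL that merely *contains* an allowed name.

    This is the pattern that lets http://flickr.com.maliciousdomain.com through,
    and it also passes an allowed name hidden in the path, query or userinfo.
    """
    return any(site in url for site in ALLOWED_SITES)


def hardened_is_allowed(url: str) -> bool:
    """Parse the URL and compare the actual host against the white list.

    - only http/https are accepted;
    - urlsplit().hostname discards userinfo ("user@") and the port, so
      http://flickr.com@evil.com/ resolves to the host evil.com;
    - a host matches only if it equals an allowed site or is a subdomain of it
      (dot-anchored suffix), so flickr.com.maliciousdomain.com is rejected
      while farm1.static.flickr.com is accepted.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    return any(host == site or host.endswith("." + site) for site in ALLOWED_SITES)


def compare(url: str) -> tuple:
    """Return (vulnerable_verdict, hardened_verdict) for one URL."""
    return vulnerable_is_allowed(url), hardened_is_allowed(url)


if __name__ == "__main__":
    # Constructed sample URLs: one legitimate, the rest crafted to abuse the check.
    samples = [
        "http://farm1.static.flickr.com/img.jpg",
        "http://flickr.com.maliciousdomain.com/shell.php",
        "http://flickr.com@evil.com/shell.php",
        "http://evil.com/shell.php?from=flickr.com",
        "ftp://flickr.com/img.jpg",
    ]
    for u in samples:
        vuln, hard = compare(u)
        print(f"{u:55} substring={vuln!s:5} host-check={hard}")
```

Only the first sample should be accepted by the hardened check; the substring check accepts every http URL in the list, including the three hostile ones.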
Continue reading @theinquirer.net