A few days ago I talked about an error with the TimThumb.php script that did not allow it to display thumbnails properly because of a permissions issue. I just learned today that the entire PHP script has some vulnerabilities. For this reason, if you are using TimThumb.php in WordPress or any other platform like Drupal, then you must update the script to protect yourself from this vulnerability.

For more information on this vulnerability, visit the TimThumb.php author's blog. To check whether your WordPress blog is affected, install the TimThumb Vulnerability Scanner.

Follow these steps to easily update the TimThumb.php script in WordPress.

1) Log into your WordPress Admin control panel by going to http://www.yourdomain.com/wp-admin. You should replace the ‘yourdomain.com’ with your actual domain name.

2) Go to Appearance

3) Click on Editor

4) On the right side of the screen, click on TimThumb.php and it will load into the editor window. The latest version as of September 1, 2011 is version 2.0. If you are not using version 2.0, you need to replace it.

5) Right-click in the editor window and click on Select All

6) Press the Delete key on the keyboard, or right-click and choose Delete, to delete the entire script.

7) Open a new window in your browser and go to the following site

http://timthumb.googlecode.com/svn/trunk/timthumb.php

8) Copy this code by right-clicking on the page and choosing Select All, then right-clicking again and choosing Copy.

9) Now go back to your WP-admin window in your browser

10) Right-click in the editor window and choose Paste

11) Click Update File at the bottom of the Editor window

12) It may take several minutes to update the file; just be patient and wait.

13) Once it's updated, you are finished. The TimThumb.php script is now updated and safe from this particular vulnerability.

Continue to update any other WordPress blogs, or other sites, that use TimThumb.php.
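The steps above fix one copy of the script, but a server often carries several themes, each shipping its own TimThumb. The following Python script is an added example, not part of the original post or of TimThumb itself: it walks a directory such as wp-content/, finds every TimThumb copy and reports which ones are older than 2.0 so you know which ones still need the procedure. It assumes the file is named timthumb.php or thumb.php (a common renamed copy), and that the version is declared either as `define('VERSION', '...')` or as a "version N.NN" note in the header comment; both markers are assumptions. The sample theme tree it scans is constructed inline so the script runs offline.

```python
"""Locate TimThumb copies under a WordPress tree and flag outdated ones."""
import re
import tempfile
from pathlib import Path

# Assumed filenames: the stock script, plus thumb.php, a common renamed copy in themes.
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}

# Assumed version markers. TimThumb 2.x declares define('VERSION', '2.x.y');
# the fallback catches a "version N.NN" note in an older header comment.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"](\d+(?:\.\d+)+)['"]\s*\)""", re.I
)
COMMENT_RE = re.compile(r"version\s*[:=]?\s*v?(\d+(?:\.\d+)+)", re.I)


def parse_version(source: str):
    """Return the version string found in the script header, or None."""
    head = "\n".join(source.splitlines()[:60])  # markers live near the top
    for pattern in (DEFINE_RE, COMMENT_RE):
        match = pattern.search(head)
        if match:
            return match.group(1)
    return None


def version_tuple(version: str):
    """'1.09' -> (1, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_outdated(version, minimum="2.0"):
    """Unknown versions are treated as outdated so they get replaced too."""
    if version is None:
        return True
    return version_tuple(version) < version_tuple(minimum)


def scan_tree(root, minimum="2.0"):
    """Walk root (e.g. wp-content/) and report every TimThumb copy found."""
    findings = []
    for path in Path(root).rglob("*.php"):
        if path.name.lower() not in TIMTHUMB_NAMES:
            continue
        try:
            source = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the whole scan
        version = parse_version(source)
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "version": version,
            "outdated": is_outdated(version, minimum),
        })
    return sorted(findings, key=lambda f: f["path"])


# Constructed sample tree: three themes, only one carries the current 2.0 script.
SAMPLE_FILES = {
    "themes/alpha/timthumb.php": "<?php\n/* TimThumb script, version 1.09 */\n",
    "themes/beta/timthumb.php": "<?php\ndefine ('VERSION', '2.0');\n",
    "themes/gamma/thumb.php": "<?php\n// no version marker at all\n",
}


def demo():
    """Build the constructed tree in a temp dir, scan it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    for finding in demo():
        flag = "OUTDATED" if finding["outdated"] else "ok"
        print(f"{flag:9} {finding['version'] or '?':6} {finding['path']}")
```

To use it on a real install, call `scan_tree("/path/to/wp-content")` instead of `demo()`; anything flagged OUTDATED, including copies with no recognisable version marker, should go through the replacement steps above.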
