Latest ThemeShift News

Theme Updates Due to TimThumb Vulnerability

→ August 3, 2011 in News

Yesterday I found this blog post reporting a security issue in the TimThumb image resizing script used in some of my older themes. Please read this carefully to find out if your theme is affected and how to fix it.

What’s the problem?

In a few words the script may give access to hackers to place and execute scripts with malicious code on your server.

Is my theme affected?

The following themes still include the TimThumb script. If your theme is among these, please read the rest of this post carefully. If not, there is no need to read further.

→ deCasa
→ deCondo
→ deGusto
→ deLuxe
→ deNovo
→ deZine
→ deStyle

How can I fix this?

There are two ways to easily fix this issue. You can either update the theme or you just replace the TimThumb script with an updated version. Either way, I strongly recommend to update the script..

Either Update Theme

1. Download latest version with your download link
2. Deactivate and remove old version
3. Install new version

Or Update Script

1. Access your server via FTP and find the following file:

/wp-content/themes/**themename**/lib/scripts/thumb.php</pre> <p>2. Download the (updated) <a href="http://themeshift.com/files/thumb.zip">thumb.zip</a> file<br /> 3. Unpack the archive<br /> 4. Replace the file <code>thumb.php in the above-mentioned folder on your server
 
Further Information
 
→ Zero Day Vulnerability in many WordPress Themes
 → WordPress Themes Using TimThumb Under Attack
 → TimThumb project page