Timthumb vulnerability Scanner: Not Too Late

A general principle in software testing is "every feature brings bugs with it". The ever-increasing popularity of the WordPress CMS brings loads of feature-rich plugins and themes, and with them vulnerable code. The most recent one responsible for the buzz is TimThumb. I admit this post is late, but better late than never.

The TimThumb Vulnerability Scanner plugin checks your WordPress directory for any vulnerability caused by the TimThumb security hole. It traces old exploits and offers a one-click fix from your wp-admin. Doing so protects you from hackers looking to exploit this particular vulnerability.


1. Log in to your WordPress dashboard and go to "Add New" in the Plugins section.

2. Search for "TimThumb Vulnerability Scanner".

3. Install and activate the plugin.

4. Open the plugin under Tools ==> Timthumb Scanner. Click Scan to check for the vulnerability.

5. If your site is vulnerable, a "Fix" button will appear; click it and move on.
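If you would rather run the same kind of check outside wp-admin, here is an added example (not the plugin's code) that walks a WordPress tree, finds bundled copies of TimThumb, reads the VERSION they declare, and flags PHP files left in each copy's cache/ directory, which is where injected files from a TimThumb attack end up. The file names, the minimum "safe" version and the sample tree are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# Names under which themes and plugins commonly bundle TimThumb (assumption: a
# short list chosen for this example, not an exhaustive one).
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]")
MIN_SAFE = "2.0"  # assumption for the example: anything below this is reported as outdated


def version_tuple(v):
    return tuple(int(p) for p in v.split("."))


def scan_wordpress(root, min_safe=MIN_SAFE):
    """Report every TimThumb copy under root and any PHP sitting in its cache/ dir."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.php")):
        if path.name.lower() not in TIMTHUMB_NAMES:
            continue
        text = path.read_text(errors="ignore")
        if "timthumb" not in text.lower():
            continue  # same file name, but not the TimThumb script
        m = VERSION_RE.search(text)
        ver = m.group(1) if m else None
        outdated = ver is None or version_tuple(ver) < version_tuple(min_safe)
        findings.append({"file": str(path.relative_to(root)), "version": ver, "outdated": outdated})
        # A successful TimThumb attack writes the attacker's file into cache/ next to the
        # script; executable PHP in there means the hole has already been used.
        cache = path.parent / "cache"
        if cache.is_dir():
            for f in sorted(cache.iterdir()):
                if f.is_file() and f.suffix.lower() in (".php", ".phtml"):
                    findings.append({"file": str(f.relative_to(root)), "version": None, "injected": True})
    return findings


def demo():
    """Build a constructed WordPress-like tree (sample data, not a real site) and scan it."""
    root = Path(tempfile.mkdtemp())
    old = root / "wp-content/themes/sample-theme"
    old.mkdir(parents=True)
    (old / "timthumb.php").write_text("<?php\n// TimThumb script\ndefine ('VERSION', '1.34');\n")
    (old / "cache").mkdir()
    (old / "cache" / "abc123.php").write_text("<?php // planted here for the example\n")
    new = root / "wp-content/plugins/sample-plugin"
    new.mkdir(parents=True)
    (new / "thumb.php").write_text("<?php\n/* TimThumb */\ndefine ('VERSION', '2.0');\n")
    (new / "other.php").write_text("<?php echo 1;\n")  # unrelated file, must be ignored
    return scan_wordpress(root)
```

Run `scan_wordpress("/path/to/wordpress")` against a real install; `demo()` only shows the output shape on the constructed tree.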


History Behind TimThumb

TimThumb is a simple, flexible PHP script that resizes images. timthumb.php is famously used by the "Mimbo Pro" themes. The flaw opens a window for intruders to hack your site using the age-old method of injecting files into your hosting server space. The original developer and other open source think tanks offered several solutions to curtail the problem and secure your WordPress site. Some references: http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/, http://code.google.com/p/timthumb/

Also read about:

Blog hosting provider Hexahost’s proactive approach in Blog hosting



thomas davis