Peter Butler, WordPress developer and the mind behind security monitoring service Code Garage, has released a plugin to search for any vulnerable instance of TimThumb. Butler’s plugin will also, if you wish (and you should), offer a one-click option to upgrade the outdated copy of TimThumb. The TimThumb vulnerability was news over a month […]
Last week we reported that Mark Maunder, the developer who discovered the security issue with TimThumb, had forked TimThumb into WordThumb, which he hoped would fix the problems found within TimThumb. Shortly after forking the project he decided to move the project back into TimThumb, making TimThumb 2.0 a collaborative project between him and Ben Gillbanks. […]
Mark Maunder, the developer who discovered and blogged about the TimThumb vulnerability, has himself done a full rewrite of TimThumb and forked it as WordThumb on Google Code. Everything but the original TimThumb image processing has been rewritten, Maunder says. The full list of all changes has been posted to Maunder’s blog, and it mentions […]
Over the weekend a vulnerability was discovered in the TimThumb image resizing script. On Monday Mark Maunder, the CEO of Feedjit and the one who originally discovered the issue, blogged about his site becoming compromised and how he discovered TimThumb was the weakness that allowed it to happen. Since that blog post the issue has […]
The team at WPBeginner have assembled a post explaining how to use and manipulate WordPress image sizes. It’s important to understand this, particularly after the TimThumb security issue last month.
It’s time again for another WPCandy Podcast! This time we’re at episode number 25, otherwise known as the “Too elite to be free” edition. In this episode Brian and I discuss the WordPress news of the last week or so, talk a lot about plugins, and of course dish our WordPress picks for the episode. […]
It’s Saturday afternoon, which means it’s time to review notable community blog posts and tutorials from this week. We have some great reads this week: essential mobile apps and themes for WordPress users, previews as to what’s upcoming in WordPress 3.1, and another killer informative/tutorial post from Justin Tadlock. Pretty blue links, just after the […]