Peter Butler releases plugin to scan for, and fix, TimThumb vulnerabilities


Peter Butler, WordPress developer and the mind behind security monitoring service Code Garage, has released a plugin to search for any vulnerable instance of TimThumb. Butler’s plugin will also, if you wish (and you should), offer a one-click option to upgrade the outdated copy of TimThumb. The TimThumb vulnerability was news over a month […]

WordThumb project merges with TimThumb, Mullenweg comments


Last week we reported that Mark Maunder, the developer who discovered the security issue with TimThumb, had forked TimThumb into WordThumb, which he hoped would fix the problems found within TimThumb. Shortly after forking the project he decided to move the project back into TimThumb, making TimThumb 2.0 a collaborative project between him and Ben Gillbanks. […]

Mark Maunder forks TimThumb, attempts secure rewrite as WordThumb


Mark Maunder, the developer who discovered and blogged about the TimThumb vulnerability, has himself done a full rewrite of TimThumb and forked it as WordThumb on Google Code. Everything but the original TimThumb image processing has been rewritten, Maunder says. The full list of all changes has been posted to Maunder’s blog, and it mentions […]

WPCandy Podcast 25: Too elite to be free edition


It’s time again for another WPCandy Podcast! This time we’re at episode number 25, otherwise known as the “Too elite to be free” edition. In this episode Brian and I discuss the WordPress news of the last week or so, talk a lot about plugins, and of course dish our WordPress picks for the episode. […]

Community links: “New in 3.1 trunk” edition


It’s Saturday afternoon, which means it’s time to review notable community blog posts and tutorials from this week. We have some great reads this week: essential mobile apps and themes for WordPress users, previews as to what’s upcoming in WordPress 3.1, and another killer informative/tutorial post from Justin Tadlock. Pretty blue links, just after the […]