Timthumb vulnerability in some of the themes (Magazeen, Blogtheme, Colorpaper, Monotone)

Hi all,

I recently installed the Timthumb Vulnerability Scanner (http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/installation/) which found vulnerable themes in the theme pack:

Vulnerable 2.8 timthumb.php /usr/www/users/xyz/wp/wp-content/themes/magazeen/timthumb.php

Vulnerable 2.8 thumb.php /usr/www/users/xyz/wp/wp-content/themes/blogtheme/thumb.php

Vulnerable 2.8 preview.php /usr/www/users/xyz/wp/wp-content/themes/colorpaper/preview.php

Vulnerable 2.8 thumb.php /usr/www/users/xyz/wp/wp-content/themes/monotone/thumb.php

It’s highly recommended to update these files. The linked plug-in will do this for you.

  • aecnu
    • WP Unicorn

    Greetings maneramedia,

    Thank you for the confirmation, it is indeed greatly appreciated.

    This theme pack has shown it has been updated a couple of times though there is no mention of the Tim Thumb vulnerability in the change logs.

    Could you please consider retesting with the new package?

    If not, it is fine; I will still bring it to the lead developer's attention. He should be able to remember if he addressed the issue or not.

    Please advise.

    Cheers, Joe

  • Tom Eagles
    • Syntax Hero

    Greetings and thanks for being a great community member.

    We haven’t heard from you on this one for a long time, and I am doing a regular follow-up to see if there is still something we can assist you with on this thread.

    Just to manage the support issues more efficiently, I am marking this thread as resolved for now; however, this is not being done to avoid your questions in any way.

    Please feel free to mark this as “Not resolved” in case you have further questions and we would be back on it.

    Thanks a lot for being with WPMU DEV.

    Cheers!

    Tom

    Sales & Support
