ThreatPress

WordPress Vulnerabilities Database

WordPress Multiple Plugin - timthumb.php Vulnerabilities

Product
Multiple
Description
Multiple plugins are prone to vulnerabilities in the timthumb.php library. The attacker controls a domain such as blogger.com, hosts a malicious GIF file with code appended to the end of it, and then provides it to the script through the src GET parameter.
Solution
Upgrade the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.7
Fixed In 2.8
Disclosure date
2011-09-19
Credits
Ben Schmidt