ThreatPress

WordPress Vulnerabilities Database

WordPress TimThumb Plugin 1.32 - Remote Code Execution

Product
TimThumb
Description
The TimThumb plugin is prone to a remote code execution vulnerability because the script does not properly check remotely cached files.
Solution
Update this plugin to the latest version or just delete the "timthumb" file.
Classification
Type: Arbitrary Code Execution
References
Exploit-DB
CVE
Name: CVE-2011-4106
Versions
Affected In: <= 1.32
Fixed In: 1.34
Disclosure date
2011-08-03
Credits
MaXe