New vulnerability found in WordPress, A zero-day vulnerability in the popular TimThumb plugin for WordPress leaves many websites vulnerable to exploits that allow unauthorized attackers to execute malicious code.The vulnerability involved poor handling of untrusted files, so that a crook could persuade your WordPress to fetch a script from a dodgy website, and save it in a cache directory on server.
WordPress sites that have TimThumb installed with the webshot option enabled. But it is disabled by default, and sites that are hosted on WordPress.com are also not susceptible.
According to veteran security expert Graham Cluley, a factor which he says limits the vuln's potential to cause harm.
The buggy TimThumb library code can be installed by a third-party theme or plugin, so it might be running on WordPress sites without the owners necessarily being aware that it's there.
The vulnerability was disclosed through a Full Disclosure mailing list without notifying TimThumb's developers beforehand. The developers were able to act quickly and released TimThumb version 2.8.14, which resolves the vulnerability.
According to NakedSecurity, most of TimThumb is used to crop, zoom and resize images automatically, for example to turn big images into thumbnails, or to scale a bunch of differently-sized images so they fit neatly into an image gallery.
The WebShot feature relies on: running an external command to fetch and render the requested page; grabbing a static image of the video buffer into which it was rendered; and turning it into an image file.
The TimThumb coders have now included a fix, so if you are a user of TimThumb on WordPress, you can do either or both of these:
- Edit your TimThumb configuration file and make sure that WEBSHOT_ENABLED is set to false.
- Update your TimThumb software file to the latest version
