CERT mailing list archives
Current Activity - WordPress Themes Vulnerability
From: Current Activity <us-cert () us-cert gov>
Date: Wed, 3 Aug 2011 10:49:50 -0400
US-CERT Current Activity

WordPress Themes Vulnerability

Original release date: August 3, 2011 at 10:05 am
Last revised: August 3, 2011 at 10:05 am

TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.

US-CERT encourages users and administrators to:

* determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
* review the blog entry on the issue and apply any necessary updates or workarounds to help mitigate the risks

Relevant Url(s):
<http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/>

====
This entry is available at
http://www.us-cert.gov/current/index.html#wordpress_themes_vulnerability
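One way to run the search the advisory recommends across several hosted blogs, as an added example that is not part of the US-CERT message. The function names `theme_of` and `find_timthumb` are hypothetical, and the `wp-content/themes/<theme>/` and `wp-content/plugins/<plugin>/` layout is assumed to be the standard WordPress one.

```shell
#!/bin/sh
# Added example: inventory copies of the TimThumb script under one or more
# web roots. The two file names come from the advisory; the directory layout
# is an assumption about how the blogs are hosted.

# theme_of PATH -> prints "theme:<name>" or "plugin:<name>" for the WordPress
# component that contains PATH, or "-" when PATH is outside both trees.
theme_of() {
    case "$1" in
        *wp-content/themes/*)
            rest=${1#*wp-content/themes/}
            printf 'theme:%s\n' "${rest%%/*}" ;;
        *wp-content/plugins/*)
            rest=${1#*wp-content/plugins/}
            printf 'plugin:%s\n' "${rest%%/*}" ;;
        *)
            printf '%s\n' '-' ;;
    esac
}

# find_timthumb ROOT... -> one line per hit: "<component><TAB><path>".
# Matching is case-insensitive so renamed copies such as Thumb.php are listed.
find_timthumb() {
    for root in "$@"; do
        if [ ! -d "$root" ]; then
            printf 'skip (not a directory): %s\n' "$root" >&2
            continue
        fi
        find "$root" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) 2>/dev/null |
        while IFS= read -r path; do
            printf '%s\t%s\n' "$(theme_of "$path")" "$path"
        done
    done
}

# Usage: sh find_timthumb.sh /var/www /home/*/public_html
if [ "$#" -gt 0 ]; then
    find_timthumb "$@" | sort
fi
```

Each reported component is a candidate for the updates or workarounds described in the linked blog entry; a hit on `thumb.php` still needs a manual look, since other scripts can share that name.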