CERT mailing list archives

Current Activity - WordPress Themes Vulnerability


From: Current Activity <us-cert () us-cert gov>
Date: Wed, 3 Aug 2011 10:49:50 -0400

US-CERT Current Activity

WordPress Themes Vulnerability

Original release date: August 3, 2011 at 10:05 am
Last revised: August 3, 2011 at 10:05 am


TimThumb, a PHP script that is reused in many popular themes for the
WordPress blog software, contains a vulnerability that allows a remote
attacker to upload arbitrary PHP code to an affected site.

US-CERT encourages users and administrators to:
  * determine if any hosted blogs use TimThumb by searching for
    timthumb.php or thumb.php
  * review the blog entry on the issue and apply any necessary updates
    or workarounds to help mitigate the risks

Relevant URL(s):
<http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/>

====
This entry is available at
http://www.us-cert.gov/current/index.html#wordpress_themes_vulnerability
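
The search step recommended above, written out as an added example (not part of the US-CERT notice). The function name, the example path and the content check are assumptions: a file called thumb.php may be unrelated to TimThumb, so the script also checks whether the file body mentions "timthumb".

```shell
#!/bin/sh
# Added example: list candidate TimThumb copies under a web root.
# find_timthumb is a hypothetical helper name; /var/www is only an example path.
# -iname is supported by GNU and BSD find.

find_timthumb() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # The notice names two file names to look for; themes sometimes
    # change the case, so match case-insensitively.
    find "$root" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) 2>/dev/null |
    sort |
    while IFS= read -r f; do
        # Assumption: a real copy of the script mentions "timthumb" somewhere
        # in its source. A hit on the name alone still deserves a manual look.
        if grep -qi 'timthumb' "$f"; then
            verdict=likely-timthumb
        else
            verdict=name-match-only
        fi
        printf '%s\t%s\n' "$verdict" "$f"
    done
}

# Run directly as: sh find_timthumb.sh /var/www
if [ "$#" -gt 0 ]; then
    find_timthumb "$1"
fi
```

Each output line is a verdict and a path separated by a tab; every path listed should be checked against the update and workaround guidance in the blog entry referenced above.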


