Zero-day flaw in an image resizing utility used with WordPress
Hackers are exploiting a flaw in TimThumb, an image resizing utility that is widely used on the WordPress blogging platform. Some fixes have been included in the latest version of TimThumb.
Feedjit CEO Mark Maunder discovered the problem when his blog started loading advertising content (the blog had not carried ads before). He traced the cause to the "timthumb.php" library used in the theme he had bought for his blog.
TimThumb "is inherently unsafe" because it writes files to a folder when it loads and resizes images, and people who visit the website can access that folder, Maunder wrote. An attacker can compromise the website by "tricking" TimThumb into loading a malicious PHP file and placing it in the WordPress directory. If the attacker then uses a web browser to access the file, the code will be executed.
Mr. Maunder explained how to disable TimThumb's ability to load images from external websites, but the surest way to prevent the problem is to remove TimThumb or restrict its access to other websites. In addition, users should update to the latest version of TimThumb.
Mr. Ben Gillbanks, the developer of TimThumb, was the first to comment on Mr. Maunder's blog post. Mr. Gillbanks expressed his regret and hoped that no one's website would suffer anything too bad because of his mistake.
Mr. Gillbanks recommends that people use the latest version of TimThumb to avoid being exploited.
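A site owner can check for the condition Maunder describes, PHP content sitting in the folder TimThumb writes to, with a short audit script. This is an added example, not code from TimThumb or from Maunder's post; the cache folder names, the function names and the sample tree it builds are assumptions made for illustration.

```python
import os
import tempfile

CACHE_DIRS = {"cache", "temp"}   # assumption: cache folder names beside timthumb.php
PHP_EXTS = (".php", ".phtml")

def is_php_payload(path):
    """A cached 'image' is suspect if it is named like PHP or contains a PHP open tag."""
    if path.lower().endswith(PHP_EXTS):
        return True
    with open(path, "rb") as fh:
        return b"<?php" in fh.read(1 << 20)   # inspect the first 1 MiB

def audit(webroot):
    """Return (paths of timthumb.php copies, suspect files in their cache folders)."""
    scripts, suspects = [], []
    for dirpath, dirnames, filenames in os.walk(webroot):
        hits = [f for f in filenames if f.lower() == "timthumb.php"]
        if not hits:
            continue
        scripts += [os.path.join(dirpath, f) for f in hits]
        for cache in CACHE_DIRS.intersection(dirnames):
            for sub, _, files in os.walk(os.path.join(dirpath, cache)):
                suspects += [os.path.join(sub, f) for f in files
                             if is_php_payload(os.path.join(sub, f))]
    return sorted(scripts), sorted(suspects)

def build_sample(root):
    """Constructed sample tree: one theme with one clean and two planted cache files."""
    cache = os.path.join(root, "wp-content", "themes", "example-theme", "cache")
    os.makedirs(cache)
    files = {
        os.path.join(cache, "..", "timthumb.php"): b"<?php // resizer stub\n",
        os.path.join(cache, "a1.png"): b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        os.path.join(cache, "b2.php"): b"<?php echo 'constructed'; ?>",
        os.path.join(cache, "c3.gif"): b"GIF89a<?php echo 'constructed'; ?>",
    }
    for path, data in files.items():
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        scripts, suspects = audit(root)
        print("timthumb copies:", scripts)
        print("suspect cache files:", suspects)
```

Pointing `audit()` at a real web root lists every copy of timthumb.php bundled with themes or plugins, which is also the list of files to remove or update.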