Recently, a lot of WordPress themes and plugins have been found to be exposed through a vulnerability in older versions of the TimThumb script, which is bundled by many popular themes and plugins. By exploiting this vulnerability an attacker can upload and execute a PHP file of his choice on a vulnerable website.
TimThumb is “A small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.”
You can download the fixed version (v1.34) from the TimThumb project page (http://code.google.com/p/timthumb/).
My recommendation to all WordPress users is to update WordPress, themes and plugins to the latest version. This alone will fix about 90% of your security loopholes. Update, update and update is the key to keeping your WordPress secure and safe.
The WebsiteDefender team has compiled a list of plugins and themes that are affected by this vulnerability:
- portfolio-slideshow-pro
- wp-mobile-detector
- a-wp-mobile-detector
- igit-related-posts-with-thumb-images-after-posts
- dukapress
- verve-meta-boxes
- db-toolkit
- logo-management
- wp-marketplace
- islidex
- aio-shortcodes
- category-grid-view-gallery
- WPFanPro
- igit-posts-slider-widget
- wordpress-gallery-plugin
- cms-pack
- Premium_Gallery_Manager
- dp-thumbnail
- placid-slider
- nivo-slider
- photoria
- LaunchPressTheme
- kc-related-posts-by-category
- journalcrunch
- download-manager
- wordpress-thumbnail-slider
- sugar-slider
- optimizepress
- Minimo
- Polished
- Minimal
- nebula
- TheCorporation
- TheStyle
- TuaranBlog
- striking
- MyCuisine
- AskIt
- Webly
- Aggregate
- TheSource
- reviewit
- kelontongfree
- Mentor
- SimplePress
- journalcrunch
- ecobiz
- Magnificent
- timthumb.php
- Olympia
- kingsize
- Chameleon
- DelicateNews
- videozoom-v2.0-original
- videozoom
- Envisioned
- twicet
- u-design
- genoa
- OptimizePress
- Modest
- mocell
- ephoto
- Theme
- InReview
- lightpress
- hostme
- PersonalPress
- Cadca
- arras
- tiwinoo_v3
- MyProduct
- sc4
- InterPhaseTheme
- InStyle
- LightBright
- TheProfessional
- mnfst
- freshnews
- ArtSee
- Boutique
- eStore
- Avenue
- twentyten
- XSWordPressTheme
- adcents
- Nova
- MyPhoto
- eGallery
- Striking_Premium_Corporate
- default
- Lycus
- manifesto
- cold
- DynamiX
- tarnished
- Nyke
- linepress
- DJ
- adria
- zimex
- peano
- ElegantEstate
- delight
- kelontong-free
- duotive-three
- SobhanSoft_Theme
- PureType
- yamidoo_pro
- vulcan2.1
- eGamer
- Wooden
- peritacion
- AmphionPro
- trinity
- dandelion_v2.6.3
- Juggernautgrande
- juggernaut-theme
- BlackLabel_v1.1.2
- Feather
- reviewit1
- zinepress_v1.0.1
- tribune
- photoria
- vilisya
- DailyNotes
- Basic
- minerva
- anthology_v1.4.2
- ModestTheme
- purevision
- parquet
- framed-redux
- eceramica
- InterPhase
- epsilon
- Striking
- thedawn
- peava
- Newspro
- telegraph
- averin
- telegraph_v1.1
- Memoir
- NewsPro
- CircloSquero
- vassal
- maxell
- 13Floor
- wpanniversary
- OnTheGo
- Glider
- mohannad-najjar222
- mohannad-najjar2
- arthemia
- tuufy7
- photoframe
- beach-holiday
- blacklabel
- cadabrapress
- snapwire
- bizpress
- themesbangkoofree
- TOA
- D4
- eNews
- vulcan
- overtime
- rockwell_v1.0
- vicon
- wideo
- CherryTruffle
- mio
- rttheme13
- Linepress
- DeepFocus
- advanced-newspaper202
- OptimusPrime
- Quadro
- Lumin
- minima
- identity
- U-design.v1.1.2_hkz
- KP
- Petra
- services
- 13FloorTheme.php
- BD
- PolishedTheme
- 13FloorTheme
- kiwinho
- graphix
- jerestate
- centro
- corage
- Reporter
- TheTravelTheme
- XSBasico
- openhouse
- seosurfing1
- bluebaboon
- Newspro-2.8.6
- nd
- zoralime
- GrupoProbeta
- eBusiness
- purplex
- kitten-in-pink
- FashionHouse
- WhosWho
- Deviant
- Bold
- BusinessCard
- EarthlyTouch
- GrungeMag
- LightSource
- Simplism
- TidalForce
- Glow
- Influx
- StudioBlue
- jpmegaph
- redina
- tritone
- dandelion_v2.5
- Bluesky
- ColdStone
- silveroak
- newspro
- GamesAwe
- caratinga.net
- SimplePressTheme
- MyResume
- MyApp
- theme
- bigcity
- dandelion_v2.6.1
- chronicle
- cuizine
- thesis_18
- advanced-newspaper_new
- Event
- wpbedouine
- rt_affinity_wp
- arry12
- backup-TheStyle
- ExploreFeed
- zzzzzzzzz
- Bluemist
- Hermes
- cleartype_v1.0
- polariswp
- Chameleon 1.6
- sniper
- adena
- ariela
- FreshAndClean
- wp-creativix
The list above is reproduced from the WebsiteDefender team's original post.
If you do not want to check every theme and plugin by hand, the Timthumb Vulnerability Scanner plugin (http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/) scans your installation for vulnerable copies of the script and upgrades them. With this plugin, fixing the problem is just a click.