U.S. Flag Official website of the Department of Homeland Security

WordPress Themes Vulnerability

Original release date: August 03, 2011 | Last revised: October 23, 2012

TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.

US-CERT encourages users and administrators to:

  • determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
  • review the blog entry on the issue and apply any necessary updates or workarounds to help mitigate the risks

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top