Vulnerable WordPress plugin leads to website hack | Technology Feed Lab

Technology Feed Lab

technology site

Vulnerable WordPress plugin leads to website hack

Posted by TechGeek on August 4, 2011

On August 2nd, 2011, Mark posted a detailed blog entry with the technical details and scripts of a WordPress hack involving a plugin called “TimThumb”. TimThumb is a simple, flexible PHP script that resizes images for your blog. It is a small PHP script for cropping, zooming and resizing web images such as JPG, PNG and GIF. As discovered by Mark, TimThumb has a file upload vulnerability: an attacker can upload any file to the server and execute it.

This plugin is used by many people on their WordPress blogs, and it is also bundled with many WordPress themes and plugins. If you have a vulnerable version of this plugin, you should change the code to fix the issue as per the workaround provided by Mark. File upload vulnerabilities are not new, but they are constantly used to compromise websites. There are already thousands of WordPress themes and plugins available on the Internet, and new ones arrive every day. You should not blindly install each and every plugin. Do some homework before using any theme or plugin.

Security is really important for your websites. You put a lot of effort into writing for your website, and one vulnerability in any theme or plugin can do massive damage to your website and your business. The case above is a great example of this. Mark’s website got hacked due to this vulnerability, and the attacker injected some advertising code into his web pages. The attacker could have done more damage to his website, since he or she could have access to his server. You should immediately check your themes and plugins for any vulnerability.

One way to find out whether your theme or plugin has a vulnerability is to use the Google search engine. Use the theme or plugin name along with the word “vulnerability” in the search string. For example, to look for the TimThumb bug, search for “TimThumb vulnerability” on Google:

[Image: Google search]

If you look at the image above, you will see news related to this plugin. The second link also reveals that “Elegant Themes” also use this plugin inside their themes, and they too are vulnerable to this attack.
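
A search tells you that TimThumb is affected, but not which of your installed themes and plugins bundle a copy of it. The script below is an added example, not code from Mark's post or from TimThumb itself: it lists PHP files under a WordPress directory that mention TimThumb, together with the owning theme or plugin and any version string found. The function name `scan_timthumb`, the `define('VERSION', ...)` pattern used to tell a bundled copy from a file that merely references it, and the output format are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list PHP files under a WordPress
# tree that look like bundled TimThumb copies, so each can be checked or patched.
# Assumptions: a copy mentions "timthumb" in its source and carries a
# define('VERSION', ...) line; files that only mention it are callers.

scan_timthumb() {
    local root="$1" f kind version owner
    # -I skips binaries, -l lists matching files, -i also catches renamed copies.
    grep -rIli --include='*.php' 'timthumb' "$root" 2>/dev/null | sort |
    while IFS= read -r f; do
        version=$(sed -nE "s/.*define *\( *['\"]VERSION['\"] *, *['\"]([^'\"]+)['\"].*/\1/p" "$f" | head -n 1)
        if [ -n "$version" ]; then
            kind="copy"
        else
            kind="reference"
            version="-"
        fi
        # Which theme or plugin ships this file: the first directory under
        # wp-content/themes or wp-content/plugins.
        owner=$(printf '%s\n' "$f" | sed -nE 's#.*/wp-content/(themes|plugins)/([^/]+)/.*#\1/\2#p')
        # Tab-separated: kind, owner, version, path.
        printf '%s\t%s\t%s\t%s\n' "$kind" "${owner:-unknown}" "$version" "$f"
    done
}

# Run against a WordPress root given on the command line, if any.
if [ -n "${1:-}" ]; then
    scan_timthumb "$1"
fi
```

Each `copy` line is a file to compare against the fixed code; a `reference` line shows which theme or plugin calls the script.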

Are you using a vulnerable theme or plugin?
