I find it amazing how Twitter can spread news faster than any form of communication in the planet. This is especially true – in the world of theme development. Recently, I found that a very popular script called “Timthumb” has been found to cause some sites to get hacked. Timthumb is an image resizing tool that is used on many WordPress themes – including several of my own.
Symptoms of websites that have been hacked include code injections either to a temp directory or straight into the database. More information can be found from Mark Maunder’s article. So the past couple of days I’ve been updating my themes to the latest Timthumb code. Note that this is not the most secure solution, since Timthumb is still unsafe due to its dependency on writing to a temporary directory. Regardless, this is the most I can do for the meantime.
You can now head on over to my downloads section and reinstall the latest version of the updated themes. If you’ve already made customizations and do not want to reinstall – download the latest Timthumb and write over the old one.
The following themes have been updated:
Only the themes listed above use Timthumb. Note that these are my older themes – The newer themes that I have built use the WordPress “add_image_size” functionality – which I plan to integrate with the ones above, so stay tuned.
Lastly, a couple of the themes listed are not free – so if you’ve bought them before and would like to download the new version – please email host[at]fearlessflyer.com (hopefully with a Paypal receipt) and I will send you the download link.