Categories: US-Cert-Repository

WordPress Themes Vulnerability

TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.

US-CERT encourages users and administrators to:

determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
review the blog entry on the issue and apply any necessary updates or workarounds to help mitigate the risks

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Next Apple Releases QuickTime 7.7 »

Previous « Cisco Releases Security Advisory and Applied Mitigation Bulletin

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems (ICS) advisories on June 5, 2025. These advisories provide…

9 hours ago

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

1 day ago

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security…

2 days ago

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

3 days ago

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of…

4 days ago

US-Cert-Repository

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on May 29, 2025. These advisories provide…

1 week ago

This website uses cookies.