Categories: US-Cert-Repository

WordPress Themes Vulnerability

TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.

US-CERT encourages users and administrators to:

determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
review the blog entry on the issue and apply any necessary updates or workarounds to help mitigate the risks

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Next Apple Releases QuickTime 7.7 »

Previous « Cisco Releases Security Advisory and Applied Mitigation Bulletin

Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments

CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors,…

8 hours ago

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems (ICS) advisories on October 31, 2024. These advisories provide…

1 day ago

Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional…

2 days ago

Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor…

3 days ago

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on October 22, 2024. These advisories provide…

4 days ago

US-Cert-Repository

Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled…

5 days ago

This website uses cookies.