[Security Alert] TimThumb security issue in WordPress plugins and themes: a great many plugins and themes are affected!

By | September 26, 2011

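Do you use WordPress? According to the security advisory published at
http://www.websitedefender.com/wordpress-security/timthumb-vulnerability-wordpress-plugins-themes/

a large number of plugins and themes (listed below) use TimThumb, an image-handling script, and WordPress users who install them put their own WordPress sites at risk!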

Solution:
Check right away whether you have any of these plugins installed:

portfolio-slideshow-pro
wp-mobile-detector
a-wp-mobile-detector
igit-related-posts-with-thumb-images-after-posts
dukapress
verve-meta-boxes
db-toolkit
logo-management
wp-marketplace
islidex
aio-shortcodes
category-grid-view-gallery
WPFanPro
igit-posts-slider-widget
wordpress-gallery-plugin
cms-pack
Premium_Gallery_Manager
dp-thumbnail
placid-slider
nivo-slider
photoria
LaunchPressTheme
kc-related-posts-by-category
journalcrunch
download-manager
wordpress-thumbnail-slider
sugar-slider
optimizepress

and these themes:

Minimo
Polished
Minimal
nebula
TheCorporation
TheStyle
TuaranBlog
striking
MyCuisine
AskIt
Webly
Aggregate
TheSource
reviewit
kelontongfree
Mentor
SimplePress
journalcrunch
ecobiz
Magnificent
timthumb.php
Olympia
kingsize
Chameleon
DelicateNews
videozoom-v2.0-original
videozoom
Envisioned
twicet
u-design
genoa
OptimizePress
Modest
mocell
ephoto
Theme
InReview
lightpress
hostme
PersonalPress
Cadca
arras
tiwinoo_v3
MyProduct
sc4
InterPhaseTheme
InStyle
LightBright
TheProfessional
mnfst
freshnews
ArtSee
Boutique
eStore
Avenue
twentyten
XSWordPressTheme
adcents
Nova
MyPhoto
eGallery
Striking_Premium_Corporate
default
Lycus
manifesto
cold
DynamiX
tarnished
Nyke
linepress
DJ
adria
zimex
peano
ElegantEstate
delight
kelontong-free
duotive-three
SobhanSoft_Theme
PureType
yamidoo_pro
vulcan2.1
eGamer
Wooden
peritacion
AmphionPro
trinity
dandelion_v2.6.3
Juggernautgrande
juggernaut-theme
BlackLabel_v1.1.2
Feather
reviewit1
zinepress_v1.0.1
tribune
photoria
vilisya
DailyNotes
Basic
minerva
anthology_v1.4.2
ModestTheme
purevision
parquet
framed-redux
eceramica
InterPhase
epsilon
Striking
thedawn
peava
Newspro
telegraph
averin
telegraph_v1.1
Memoir
NewsPro
CircloSquero
vassal
maxell
13Floor
wpanniversary
OnTheGo
Glider
mohannad-najjar222
mohannad-najjar2
arthemia
tuufy7
photoframe
beach-holiday
blacklabel
cadabrapress
snapwire
bizpress
themesbangkoofree
TOA
D4
eNews
vulcan
overtime
rockwell_v1.0
vicon
wideo
CherryTruffle
mio
rttheme13
Linepress
DeepFocus
advanced-newspaper202
OptimusPrime
Quadro
Lumin
minima
identity
U-design.v1.1.2_hkz
KP
Petra
services
13FloorTheme.php
BD
PolishedTheme
13FloorTheme
kiwinho
graphix
jerestate
centro
corage
Reporter
TheTravelTheme
XSBasico
openhouse
seosurfing1
bluebaboon
Newspro-2.8.6
nd
zoralime
GrupoProbeta
eBusiness
purplex
kitten-in-pink
FashionHouse
WhosWho
Deviant
Bold
BusinessCard
EarthlyTouch
GrungeMag
LightSource
Simplism
TidalForce
Glow
Influx
StudioBlue
jpmegaph
redina
tritone
dandelion_v2.5
Bluesky
ColdStone
silveroak
newspro
GamesAwe
caratinga.net
SimplePressTheme
MyResume
MyApp
theme
bigcity
dandelion_v2.6.1
chronicle
cuizine
thesis_18
advanced-newspaper_new
Event
wpbedouine
rt_affinity_wp
arry12
backup-TheStyle
ExploreFeed
zzzzzzzzz
Bluemist
Hermes
cleartype_v1.0
polariswp
Chameleon 1.6
sniper
adena
ariela
FreshAndClean
wp-creativix

If you do, upgrade all of your plugins and themes right away!!

You can also install this TimThumb scanner plugin, which scans all of your folders for TimThumb problems and patches them:
http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/
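
For sites where you would rather audit from the command line before installing anything, the following inventory script is an added example, not code from the scanner plugin or from this post. It walks a WordPress directory, lists every copy of `timthumb.php` together with the plugin or theme folder that bundles it, and reads the version string on the assumption that the copy declares it with a `define('VERSION', ...)` line; the function names are hypothetical.

```python
import os
import re
import sys

# Assumption: the bundled copy declares its version as define ('VERSION', 'x.y');
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")

def owning_component(path, root):
    """Return (kind, name): kind is 'plugins', 'themes' or 'other'."""
    parts = os.path.relpath(path, root).split(os.sep)
    for kind in ("plugins", "themes"):
        if kind in parts[:-1]:
            i = parts.index(kind)
            # The directory right below plugins/ or themes/ names the component.
            if i + 1 < len(parts) - 1:
                return kind, parts[i + 1]
    return "other", os.path.dirname(os.path.relpath(path, root))

def find_timthumb(root):
    """Walk root and return one record per timthumb.php copy found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "timthumb.php":
                continue
            full = os.path.join(dirpath, name)
            # The version constant sits near the top, so 64 KiB is plenty.
            with open(full, "r", errors="replace") as fh:
                head = fh.read(65536)
            match = VERSION_RE.search(head)
            kind, component = owning_component(full, root)
            hits.append({
                "path": full,
                "kind": kind,
                "component": component,
                "version": match.group(1) if match else None,
            })
    return sorted(hits, key=lambda h: h["path"])

if __name__ == "__main__":
    # Usage: python find_timthumb.py /path/to/wordpress
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for h in find_timthumb(root):
        version = h["version"] or "unknown"
        print(f'{h["kind"]}/{h["component"]}: {h["path"]} (version {version})')
```

Compare the component names it prints against the plugin and theme lists above, and upgrade or remove each one that still ships its own copy.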
