TimThumb end of life (security woes again)
-
Hi,
Just a note to point out that TimThumb has been deprecated due to ongoing security issues:
https://www.binarymoon.co.uk/2014/09/timthumb-end-life/
Although the BJ Lazy Load plugin does not appear to be using the line which opens up the potential exploit, it also seems the general consensus is that TimThumb is not a safe script, and plugin developers should no longer use it going forward.
More reading:
https://blog.sucuri.net/2014/06/timthumb-webshot-code-execution-exploit-0-day.html
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘TimThumb end of life (security woes again)’ is closed to new replies.
