frettled

The problem is publicly documented in issues 273 and 274 for TimThumb.

(Issue list)

BTW and OT, I suggest creating a timthumb-config.php with the following code:

define ('ALLOW_EXTERNAL', FALSE);

Thanks for the quick response.

Now for the rest of those plugins/themes using PHPMailer < 5.1 and/or TimThumb < 2.8.2…

Apparently, it’s 5.2 that’s the most recent version. I don’t check this software’s version that often, since it’s infrequently updated.

https://code.google.com/a/apache-extras.org/p/phpmailer/source/list

Hmm, that’s interesting.

When I first unpacked latest.zip (twice!), there was no wp-includes directory extracted at all, giving the appearance that the file structure had changed.

A fresh unpack today, however, seems to be fine, and version.php is there.

Argh.

Sorry for bothering you guys, and thanks for the kick.

I’d also like some sort of cryptographic signature of each core file, since that would make it easy to check whether a script kiddie has injected malicious code, or if a user just changed the version number manually to fool version checks. ?? But I know that’s going to be a bit hard.