Partial list of WordPress themes scanned by bots for timthumb vulnerability

This is a partial list of WordPress theme and plugin URLs that bots are scanning for timthumb exploits. If you use any of these, make sure you have upgraded the theme, or at the very least upgraded the timthumb script within it. Put another way, these themes used timthumb at some point, and bots scan for it hoping it is exploitable.

We are in no way saying these products are insecure; just be sure to update.

If you are a Pagely customer, we scan our file system daily to apply patches for you, and you are further protected by firewall rules that defend against this.

/themes/bueno/thumb.php
/themes/modularity/includes/timthumb.php
/themes/themorningafter/thumb.php
/themes/SimplePress/timthumb.php
/themes/premiumnews/thumb.php
/themes/delicate/thumb.php
/themes/DelicateNews/timthumb.php
/themes/Nova/timthumb.php
/themes/OptimizePress/timthumb.php
/themes/Chameleon/timthumb.php
/themes/Delicate/thumb.php
/themes/typebased/thumb.php
/themes/Magnificent/timthumb.php
/themes/dailyedition/thumb.php
/themes/skeptical/thumb.php
/themes/spectrum/thumb.php
/themes/profitstheme/thumb.php
/themes/photoria/scripts/timthumb.php
/themes/Minimal/timthumb.php
/themes/Reporter/timthumb.php
/themes/Memoir/timthumb.php
/themes/optimize/thumb.php
/themes/TheSource/timthumb.php
/themes/Basic/timthumb.php
/themes/PersonalPress/timthumb.php
/themes/deliciousmagazine/thumb.php
/themes/PureType/timthumb.php
/themes/DeepBlue/timthumb.php
/themes/ePhoto/timthumb.php
/themes/duotive-three/includes/timthumb.php
/themes/eNews/timthumb.php
/themes/dandelion_v2.6.3/functions/timthumb.php
/themes/myjourney/thumb.php
/themes/eBusiness/timthumb.php
/themes/Transcript/timthumb.php
/themes/InterPhase/timthumb.php
/themes/tribune/scripts/timthumb.php
/themes/thestation/thumb.php
/themes/GrungeMag/timthumb.php
/themes/vulcan/timthumb.php
/themes/delight/scripts/timthumb.php
/themes/dandelion_v2.6.4/functions/timthumb.php
/themes/simplicity/thumb.php
/themes/MyProduct/timthumb.php
/themes/backstage/thumb.php
/themes/biznizz/thumb.php
/themes/multidesign/scripts/timthumb.php
/themes/retreat/thumb.php
/themes/myjourney_3.1/thumb.php
/themes/Bold/timthumb.php
/themes/pearlie_14%20dec/scripts/timthumb.php
/themes/LightBright/timthumb.php
/themes/muse/scripts/timthumb.php
/themes/bt/includes/timthumb.php
/themes/eStore/timthumb.php
/themes/redlight/includes/timthumb.php
/themes/wp-clear-prem/scripts/timthumb.php
/themes/insignio/images/timthumb.php
/themes/DeepFocus/timthumb.php
/themes/dualshockers2/thumb.php
/themes/editorial/thumb.php
/themes/purevision/scripts/timthumb.php
/themes/mini-lab/functions/timthumb.php
/themes/Event/timthumb.php
/themes/postcard/thumb.php
/themes/snapshot/thumb.php
/themes/ElegantEstate/timthumb.php
/themes/CFWProfessional/timthumb.php
/themes/broadcast/thumb.php
/themes/coffeedesk/includes/timthumb.php
/themes/cruz/scripts/timthumb.php
/themes/NewsPro/timthumb.php
/themes/modularity2/includes/timthumb.php
/themes/gallant/thumb.php
/plugins/1-flash-gallery/upload.php
/plugins/front-end-upload/upload.php
/plugins/mac-dock-gallery/upload-file.php
/plugins/mm-forms-community/includes/doajaxfileupload.php
/plugins/wp-property/third-party/uploadify/uploadify.php

Comments

  1. John Saddington

    glad you mentioned a caveat to interpret this list as a vulnerable list.

    cool stuff.

  2. Thomas Zickell

    What you’re doing is a very valuable service that most hosting companies overlook and never even think to patch. It is a huge problem with WordPress, and the fact that you are actively working to prevent this and other exploits gives me unbelievable confidence in you. Thank you for showing us what you’ve done to destroy timthumb as best you can, as it is a plague on the WordPress community.