Partial list of WordPress themes scanned by bots for timthumb vulnerability


This is a partial list of WordPress theme and plugin URLs that bots are scanning for timthumb exploits. If you use any of these, make sure you have upgraded the theme, or at the very least upgraded the timthumb script inside it. Put another way, these themes used timthumb at some point, and the bots scan for it hoping it is still exploitable.

We are in no way saying these products are insecure, just be sure to update.

If you are a Pagely customer, we scan our file system daily to apply patches for you, and you are further protected by firewall rules that defend against this.


/themes/bueno/thumb.php
/themes/modularity/includes/timthumb.php
/themes/themorningafter/thumb.php
/themes/SimplePress/timthumb.php
/themes/premiumnews/thumb.php
/themes/delicate/thumb.php
/themes/DelicateNews/timthumb.php
/themes/Nova/timthumb.php
/themes/OptimizePress/timthumb.php
/themes/Chameleon/timthumb.php
/themes/Delicate/thumb.php
/themes/typebased/thumb.php
/themes/Magnificent/timthumb.php
/themes/dailyedition/thumb.php
/themes/skeptical/thumb.php
/themes/spectrum/thumb.php
/themes/profitstheme/thumb.php
/themes/photoria/scripts/timthumb.php
/themes/Minimal/timthumb.php
/themes/Reporter/timthumb.php
/themes/Memoir/timthumb.php
/themes/optimize/thumb.php
/themes/TheSource/timthumb.php
/themes/Basic/timthumb.php
/themes/PersonalPress/timthumb.php
/themes/deliciousmagazine/thumb.php
/themes/PureType/timthumb.php
/themes/DeepBlue/timthumb.php
/themes/ePhoto/timthumb.php
/themes/duotive-three/includes/timthumb.php
/themes/eNews/timthumb.php
/themes/dandelion_v2.6.3/functions/timthumb.php
/themes/myjourney/thumb.php
/themes/eBusiness/timthumb.php
/themes/Transcript/timthumb.php
/themes/InterPhase/timthumb.php
/themes/tribune/scripts/timthumb.php
/themes/thestation/thumb.php
/themes/GrungeMag/timthumb.php
/themes/vulcan/timthumb.php
/themes/delight/scripts/timthumb.php
/themes/dandelion_v2.6.4/functions/timthumb.php
/themes/simplicity/thumb.php
/themes/MyProduct/timthumb.php
/themes/backstage/thumb.php
/themes/biznizz/thumb.php
/themes/multidesign/scripts/timthumb.php
/themes/retreat/thumb.php
/themes/myjourney_3.1/thumb.php
/themes/Bold/timthumb.php
/themes/pearlie_14%20dec/scripts/timthumb.php
/themes/LightBright/timthumb.php
/themes/muse/scripts/timthumb.php
/themes/bt/includes/timthumb.php
/themes/eStore/timthumb.php
/themes/redlight/includes/timthumb.php
/themes/wp-clear-prem/scripts/timthumb.php
/themes/insignio/images/timthumb.php
/themes/DeepFocus/timthumb.php
/themes/dualshockers2/thumb.php
/themes/editorial/thumb.php
/themes/purevision/scripts/timthumb.php
/themes/mini-lab/functions/timthumb.php
/themes/Event/timthumb.php
/themes/postcard/thumb.php
/themes/snapshot/thumb.php
/themes/ElegantEstate/timthumb.php
/themes/CFWProfessional/timthumb.php
/themes/broadcast/thumb.php
/themes/coffeedesk/includes/timthumb.php
/themes/cruz/scripts/timthumb.php
/themes/NewsPro/timthumb.php
/themes/modularity2/includes/timthumb.php
/themes/gallant/thumb.php
/plugins/1-flash-gallery/upload.php
/plugins/front-end-upload/upload.php
/plugins/mac-dock-gallery/upload-file.php
/plugins/mm-forms-community/includes/doajaxfileupload.php
/plugins/wp-property/third-party/uploadify/uploadify.php
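To act on the advice above, here is an added example (not Pagely's own tooling) that walks a wp-content tree, finds every timthumb.php or thumb.php copy like the ones listed, and reads its VERSION constant so outdated copies can be upgraded. It assumes timthumb declares its version as define ('VERSION', '...'), and MIN_OK_VERSION is a placeholder threshold to set from the advisory you are following; the sample tree in demo() is constructed.

```python
import os
import re
import tempfile

# File names the scanned theme paths on this page end in.
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}
# Assumption: copies older than this need an upgrade; set it from the current advisory.
MIN_OK_VERSION = (2, 0)
# timthumb.php declares its version as: define ('VERSION', '2.8.14');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]\s*\)")

def parse_timthumb_version(source):
    """Return the VERSION constant as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(source)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def needs_upgrade(version):
    """An unidentifiable copy counts as outdated: replace it rather than trust it."""
    return version is None or version < MIN_OK_VERSION

def scan_tree(root):
    """Report (relative path, version, needs_upgrade) for every timthumb copy under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in TIMTHUMB_NAMES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    version = parse_timthumb_version(fh.read())
                findings.append((os.path.relpath(path, root), version, needs_upgrade(version)))
    return sorted(findings)

def demo():
    """Constructed sample tree: an old copy, a current copy, and one with no version line."""
    samples = {
        "themes/bueno/thumb.php": "<?php\ndefine ('VERSION', '1.32');\n",
        "themes/Nova/timthumb.php": "<?php\ndefine ('VERSION', '2.8.14');\n",
        "themes/mini-lab/functions/timthumb.php": "<?php // version line stripped\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, version, outdated in demo():
        print(("UPGRADE " if outdated else "ok      ") + rel, version)
```

Point scan_tree() at your real wp-content directory to get the same report for a live install.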

  1. John Saddington

    Glad you mentioned a caveat to interpret this list as a vulnerable list.

    Cool stuff.

  2. Thomas Zickell

    What you’re doing is a very valuable service that most hosting companies overlook and never even think to patch. It is a huge problem with WordPress, and the fact that you are actively working to prevent this and other exploits gives me unbelievable confidence in you. Thank you for showing us what you’ve done to destroy timthumb as best you can, as it is a plague on the WordPress community.
