The zero-day vulnerability lets an attacker manipulate a website by executing PHP code on it. If the attack succeeds, the attacker can alter the website at will. This is dangerous because the attacker can make any unwanted change, such as deleting, modifying or creating files, according to the security researchers at Sucuri.
The following is a set of 5 commands that a hacker can use to carry out his attack on a website on Wordpress-
This puts every site running WordPress themes or plugins that bundle the TimThumb library at risk. Affected themes and plugins include:
1) WordThumb 1.07, which uses the same vulnerable WebShot code.
2) The TimThumb 2.8.13 WordPress plugin
3) IGIT Posts Slider Widget
4) All WordPress themes from Themify, which ship the vulnerable WordThumb at the “/themify/img.php” location.
5) The WordPress Gallery Plugin
It is not all bad news: TimThumb ships with the ‘Webshot’ option disabled by default, so you are at risk only if you have enabled the Webshot feature manually. To be on the safe side, follow these steps and disable TimThumb ‘Webshot’ on your WordPress website immediately.
- Open the TimThumb file in your plugin or theme directory. It is generally located at "/wp-content/themes//path/to/timthumb.php"
- Locate the “WEBSHOT_ENABLED” option
- If you find define ('WEBSHOT_ENABLED', true), set the value to ‘false’, i.e. define (‘WEBSHOT_ENABLED’, false).
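The manual steps above cover one file at a time; a site can carry several renamed copies of TimThumb (the Themify entry above, for example, is a WordThumb copy named img.php). The script below is an added example, not code from the article or from the TimThumb project: it walks wp-content, reports every PHP file whose define() sets WEBSHOT_ENABLED to true, and with --fix rewrites the constant to false while keeping a .bak copy. It assumes a POSIX shell with find, grep and sed, and takes the WordPress root directory as its first argument.

```shell
#!/bin/sh
# Audit a WordPress install for TimThumb/WordThumb copies that have WebShot
# switched on, and optionally flip WEBSHOT_ENABLED back to false.
# Added example, not code from the article or from the TimThumb project.
# Assumes a POSIX shell with find, grep and sed; $1 is the WordPress root.

# Regular expression matching define ('WEBSHOT_ENABLED', true) with any spacing
# or quote style; the parenthesised group is reused by the sed rewrite below.
WEBSHOT_TRUE_RE="(define[[:space:]]*\([[:space:]]*['\"]WEBSHOT_ENABLED['\"][[:space:]]*,[[:space:]]*)true"

# Print every PHP file under <root>/wp-content whose define() enables WebShot.
# Checks all .php files, not only timthumb.php, because forks are renamed
# (WordThumb ships as img.php and themes copy it into arbitrary paths).
find_webshot_enabled() {
    root="$1"
    find "$root/wp-content" -type f -name '*.php' 2>/dev/null | while IFS= read -r f; do
        if grep -Eq "$WEBSHOT_TRUE_RE" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Rewrite the define() to false in one file, keeping a .bak copy for rollback.
disable_webshot() {
    f="$1"
    cp "$f" "$f.bak" || return 1
    sed -E "s/$WEBSHOT_TRUE_RE/\1false/" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Usage: sh timthumb_webshot_audit.sh /var/www/html          (report only)
#        sh timthumb_webshot_audit.sh /var/www/html --fix    (report and disable)
if [ "$#" -gt 0 ]; then
    find_webshot_enabled "$1" | while IFS= read -r hit; do
        if [ "$2" = "--fix" ]; then
            disable_webshot "$hit" && echo "disabled WebShot in $hit"
        else
            echo "WebShot enabled in $hit"
        fi
    done
fi
```

The pattern only recognises the define() form quoted in the steps above; a copy that sets the constant from an included config file will not be reported and needs a manual look. Turning WebShot off removes the exposed feature, but the patched TimThumb release should still be installed when it is available.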
If you use TimThumb to resize images into thumbnails, you must also check regularly for a patched TimThumb update.