Timthumb Vulnerability Scanner WordPress plugin resources analysis

Name: Timthumb Vulnerability Scanner
Version: 1.53
Author: Peter Butler
Rating: 86
Last updated: 2012-08-11 05:06:00
Downloads: 218321
Home page delta: 0%
Post page delta: 0%

Timthumb Vulnerability Scanner plugin has no negative impact on PageSpeed score.

Home page PageSpeed score has been degraded by 0%, while Post page PageSpeed score has been degraded by 0%

Timthumb Vulnerability Scanner plugin added 3 bytes of resources to the Home page and 29 bytes of resources to the sample Post page.

Timthumb Vulnerability Scanner plugin added 0 new host(s) to the Home page and 0 new host(s) to the sample Post page.

Great! Timthumb Vulnerability Scanner plugin adds no tables to your WordPress blog database.

The recent Timthumb.php vulnerability (discussed here) has left scores of unsuspecting bloggers hacked. It's the perfect combination of not so easy to fix for the technically disinclined, and easy to find and exploit for the malicious - resulting in a disastrous number of compromised sites.

The Timthumb Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.

After new, lesser vulnerabilities were found, it became apparent that the plugin needs to be dynamic - able to keep you up to date with the latest version of timthumb, without requiring a plugin upgrade. The plugin now checks for the latest available version of timthumb routinely (each time you visit the scanner page, but no more than once a day), and can download and install the latest version, rather than the one included with the plugin. Scans are run daily (unless you disable them via the options link on the scanner page) via wp-cron to keep up with any new plugins or themes you've installed.

More info at CodeGarage.

Special thanks to Jacob Gillespie for help with the bulk upgrade feature.

[Charts: resources added by plugin to Home page/Post page in kB; total size of resources for Home page/Post page in kB]

Random Theme Tests

Blueskool (by: 50psi): 3840, 0%
Khaki Traveler (by: jeremyclark13): 18931, 0%