Which plugins and themes are vulnerable?
Hundreds of other WordPress plugins and themes bundle the TimThumb library by default. Some of them are:
1. TimThumb 2.8.13 WordPress plugin
2. WordThumb 1.07, which uses the same vulnerable WebShot code.
3. WordPress Gallery Plugin
4. IGIT Posts Slider Widget
5. All WordPress themes from Themify contain a vulnerable WordThumb copy at “/themify/img.php”.
TimThumb ships with the WebShot option disabled by default, so only those TimThumb installations where the WebShot feature has been manually enabled are vulnerable to this flaw.
How to check and disable TimThumb WebShot?
1. Open the timthumb file inside your theme or plugin directory, usually located at “/wp-content/themes//path/to/timthumb.php”
2. Search for “WEBSHOT_ENABLED”
3. If you find define('WEBSHOT_ENABLED', true), set the value to false, i.e. define('WEBSHOT_ENABLED', false)
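A small checker for the three steps above, added here as an example (it is not code from the original article or from the TimThumb project): it walks a wp-content directory, finds every PHP file that defines WEBSHOT_ENABLED, and reports whether the value is true. The directory layout and file contents it creates are constructed samples, not a real site.

```shell
#!/bin/sh
# Hypothetical helper: exit 0 if the given TimThumb/WordThumb file has
# WebShot turned on, 1 if it is set to false or not defined at all.
# The pattern tolerates extra spaces, single or double quotes, and TRUE/true.
webshot_enabled() {
    grep -Eiq "define[[:space:]]*\([[:space:]]*['\"]WEBSHOT_ENABLED['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# Walk a wp-content tree and print one line per file that defines
# WEBSHOT_ENABLED, so renamed copies (img.php, timthumb.php, ...) are
# all caught instead of relying on the file name alone.
scan_wp_content() {
    find "$1" -type f -name '*.php' -print | while IFS= read -r f; do
        grep -q "WEBSHOT_ENABLED" "$f" || continue
        if webshot_enabled "$f"; then
            echo "ENABLED  $f"
        else
            echo "disabled $f"
        fi
    done
}

# Constructed sample tree (not a real site) so the script runs stand-alone:
# one Themify-style img.php with WebShot on, one timthumb.php with it off,
# and one unrelated PHP file that must be ignored.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/example/themify" "$d/plugins/example-slider"
    printf "<?php\ndefine ('WEBSHOT_ENABLED', true);\n" > "$d/themes/example/themify/img.php"
    printf "<?php\ndefine('WEBSHOT_ENABLED', false);\n" > "$d/plugins/example-slider/timthumb.php"
    printf "<?php\necho 'no timthumb here';\n" > "$d/themes/example/functions.php"
    echo "$d"
}

# Run against the constructed tree when invoked with --demo; on a real
# install, call scan_wp_content /path/to/wp-content instead.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    scan_wp_content "$tree"
    rm -rf "$tree"
fi
```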