Zero-day vulnerability in TimThumb Webshot feature in WordPress

A critical zero-day vulnerability has been found in TimThumb, a popular image resizing library used in thousands of WordPress themes and plugins. If you or your company use TimThumb to resize large images into usable thumbnails for display on your site, make sure to update the file as soon as the upcoming version is released, and check the TimThumb site regularly for the patched update.

The vulnerability allows an attacker to remotely execute arbitrary PHP code on the affected website. Once that code runs, the site can be compromised in whatever way the attacker wants. As of now, there is no patch available for the flaw.

Using requests like the following, an attacker can create, delete and modify files on your server:
http://vulnerablesite.com/wp-content/plugins/pluginX/timthumb.php?webshot=1&src=http://vulnerablesite.com/$(rm$IFS/tmp/a.txt)
http://vulnerablesite.com/wp-content/plugins/pluginX/timthumb.php?webshot=1&src=http://vulnerablesite.com/$(touch$IFS/tmp/a.txt)

Which plugins and themes are vulnerable?

Hundreds of WordPress plugins and themes use the TimThumb library by default. Some of them are:
1. TimThumb 2.8.13 WordPress plugin
2. WordThumb 1.07, which uses the same vulnerable WebShot code.
3. WordPress Gallery Plugin
4. IGIT Posts Slider Widget
5. All WordPress themes from Themify, which contain a vulnerable WordThumb copy at the “/themify/img.php” location.

TimThumb ships with the webshot option disabled by default, so only those TimThumb installations where the webshot feature has been manually enabled are vulnerable to the flaw.

How to check and disable Timthumb Webshot?

1. Open the timthumb file inside your theme or plugin directory, usually located at “/wp-content/themes//path/to/timthumb.php”
2. Search for “WEBSHOT_ENABLED”
3. If you find define('WEBSHOT_ENABLED', true), set the value to false, i.e. define('WEBSHOT_ENABLED', false)
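As an added example (not from the original post or the TimThumb project), the POSIX shell script below automates the check above across a whole site: it finds every timthumb.php or Themify img.php under a wp-content directory (the path is an assumption), reports which copies still define WEBSHOT_ENABLED as true, and can flip that define to false.

```shell
#!/bin/sh
# Audit a WordPress tree for TimThumb/WordThumb copies with the webshot feature enabled.
# The file names (timthumb.php, img.php) and the define() line come from the post above;
# the wp-content path passed on the command line is an assumption for your host.

# Regex for the define line, accepting either quote style and optional spaces,
# e.g. define ('WEBSHOT_ENABLED', true);  -- the value (true/false) is appended by the caller.
pat="define[[:space:]]*\([[:space:]]*['\"]WEBSHOT_ENABLED['\"][[:space:]]*,[[:space:]]*"

# Print "enabled" or "disabled" for one file; return 1 if the file has no such define at all.
webshot_state() {
    if grep -Eiq "${pat}true" "$1"; then
        echo enabled
    elif grep -Eiq "${pat}false" "$1"; then
        echo disabled
    else
        return 1
    fi
}

# Walk the tree and print the path of every copy whose webshot feature is switched on.
find_enabled_webshots() {
    find "$1" -type f \( -name timthumb.php -o -name img.php \) -print 2>/dev/null |
    while IFS= read -r f; do
        if [ "$(webshot_state "$f")" = "enabled" ]; then
            echo "$f"
        fi
    done
}

# Rewrite define('WEBSHOT_ENABLED', true) to false in one file (via a temp copy, so
# check ownership/permissions afterwards on a shared host).
disable_webshot() {
    sed -E "s/(${pat})true/\1false/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Usage: sh audit_webshot.sh /var/www/html/wp-content   (assumed path)
if [ -n "${1:-}" ]; then
    find_enabled_webshots "$1"
fi
```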