Hackers Exploiting Zero-Day in WordPress Themes

Hackers are actively exploiting a zero-day vulnerability that may be affecting millions of WordPress users. The bug was found in an image re-sizing utility that comes built-in to a number of commercial and free themes on the popular blogging platform.


The vulnerability, discovered by Feedjit founder Mark Maunder, is located in an image re-sizing utility called timthumb.php. Maunder contacted the developer of timthumb.php, whose own blog was also hacked using the same method. According to his blog post on the matter, Maunder has supplied what he is calling a “tiny patch,” and timthumb.php’s developer is working on a more comprehensive fix.

According to Maunder, timthumb.php is insecure by design, with re-sized files written into a directory that is accessible by people visiting the site. That’s a process that Maunder says is “never a good idea.”

Users of WordPress running any theme bundled with timthumb.php, of which there are many, are advised to immediately either disable those themes or set the “$allowedSites array” to empty. Maunder estimates that the bug may be affecting as many as 39 million blogs.

Maunder claims he discovered the bug when he loaded a page on his own blog and heard that all-too-familiar voice telling him, “Congratulations! You’re a winner!”

As the blogging platform has grown in popularity, so too has its value as a viable target for cybercriminals. Back in April, servers belonging to Automattic, which makes WordPress’s blogging software, were hacked and the company’s source code is believed to have been exposed and copied. More recently, the WordPress security team discovered a number of back doors in some of the platform’s most popular plug-ins and required that users change their account passwords.

For a more in-depth analysis of the issue and also a way to fix the problem, read Maunder’s blog post.


Discussion

  • MaXe on

    Don't forget that it takes 2 minutes for anyone, including developers to rename "timthumb.php" to anythingyouwant.php

    Therefore, checking only for files named timthumb.php can be fatal and also a huge risk. Use 'grep' or another tool to search within php files for the word "timthumb" or similar words that appear within the file.
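The article's mitigation (empty the $allowedSites array) and MaXe's point that the script is often renamed, combined into one audit: find TimThumb copies by content, then check each one's $allowedSites setting. This is an added example, not code from the article, Maunder or the TimThumb project; the wp-content/themes layout and the sample files it builds are assumptions/constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a themes directory for TimThumb copies, by content
# rather than filename, and report whether $allowedSites has been emptied.

# List every PHP file under $1 whose body mentions "timthumb", whatever its name.
find_timthumb_copies() {
    grep -rli --include='*.php' 'timthumb' "$1" | sort
}

# Classify one file: OK (empty array), REVIEW (non-empty array), UNKNOWN (no assignment seen).
classify_allowed_sites() {
    if grep -Eq '\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*\([[:space:]]*\)' "$1"; then
        echo OK
    elif grep -Eq '\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*\(' "$1"; then
        echo REVIEW
    else
        echo UNKNOWN
    fi
}

# Walk a themes directory (assumed wp-content/themes layout) and print "STATUS path" per copy.
audit_themes() {
    find_timthumb_copies "$1" | while IFS= read -r f; do
        printf '%s %s\n' "$(classify_allowed_sites "$f")" "$f"
    done
}

# Constructed sample tree standing in for wp-content/themes; not real theme code.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/theme-a" "$dir/theme-b"
    # Unmitigated copy under a different filename, with a populated allow-list.
    printf '<?php\n// TimThumb script\n$allowedSites = array("flickr.com", "picasa.com");\n' \
        > "$dir/theme-a/thumb.php"
    # Renamed copy that has already been mitigated.
    printf '<?php\n/* renamed timthumb copy */\n$allowedSites = array();\n' \
        > "$dir/theme-b/resize.php"
    # Unrelated theme file that must not be reported.
    printf '<?php echo "no resizer here";\n' > "$dir/theme-b/index.php"
    echo "$dir"
}

audit_themes "$(make_sample_tree)"
```

Running it prints one line per copy found; anything flagged REVIEW or UNKNOWN should be opened and checked by hand, since the grep only sees a one-line array literal.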
