Thread: Update your timthumb.php! Otherwise, you'll get hacked!

at least woothemes takes their customers seriously (appthemes does not) acutally not at all, actually not even close..

sanook thanks for the tip but regarding bulletproof plugin, I have used it earlier, and had some access problems with it

Already a requested position of the team of developers and have an answer soon.
I am very thankful for all the help you are giving in relation to this issue, and I will mark this thread is sticky

Just to be sure I do this properly... (I am a newbie). I replace with all of the code in the link above?

Exoticvintage,

Yes, replace ALL the old code by ALL the new code.

Now you have Timthumb version 2.

You're welcome

Just updated mine... Many thanks for the headsup Sanook.

I'm sure that AppTheme do take this security issue serious as much as any other Wordpress theme developers. However at update on the front page of the site would have been nice. In that case we would know about it.

I did not know this until I saw this thread.

Bredvig.

Thanks sanook for raising these concerns and sharing a solution.

We will be rolling out a patch (3.1.4) shortly to address this. Customers who purchased CP AFTER 4/01/10 (v3.0+) do NOT need TimThumb and can just delete it (/includes/timthumb.php). It was left in there for legacy support.

Everyone else should follow the instructions as mentioned by sanook or wait for the patch to go out.

We'll also be emailing all customers to advise them of this. Thanks.

The patch you are going to release soon. Will that only address this issue, or will other fixes be looked at as well? Just want to know if I should need to do the update of the theme in due time.

The patch is primarily to address this timthumb issue and is scheduled within the next couple of days.

Ok great. No worries for me then as I followed Sanooks advice yesterday.