{"id":2696,"date":"2011-08-03T09:31:27","date_gmt":"2011-08-03T17:31:27","guid":{"rendered":"https:\/\/graphpaperpress.com\/?p=2696"},"modified":"2013-11-25T10:47:50","modified_gmt":"2013-11-25T18:47:50","slug":"security-update-for-modularity-photo-workshop-widescreen-wordpress-themes","status":"publish","type":"post","link":"https:\/\/graphpaperpress.com\/blog\/security-update-for-modularity-photo-workshop-widescreen-wordpress-themes\/","title":{"rendered":"Security Update for Modularity, Photo Workshop, Widescreen WordPress Themes"},"content":{"rendered":"
This just in from VaultPress<\/a>, the makers of WordPress.com:<\/p>\n Yesterday we learned of a vulnerability in a popular image resizing library called TimThumb<\/a>, which is used in many WordPress themes and plugins, including a few of our older themes. The vulnerability was first reported by Mark Maunder in a post on his blog<\/a>, and has been confirmed by the author of TimThumb.<\/p>\n The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.<\/p><\/blockquote>\n Three of our themes (Modularity<\/a>, Photo Workshop<\/a>, Widescreen<\/a>) used this script as a fallback approach for generating thumbnails if a user didn’t set a Featured Image in WordPress. \u00a0This script helped users who hosted images elsewhere (PhotoShelter, Flickr, etc.) to have thumbnails generated for their posts without uploading images into WordPress or setting a Featured Image for each post. 
\u00a0Because we have removed this script from our themes, you will always need to upload and set a Featured Image in WordPress if you want thumbnails for your Posts or homepage apps.<\/p>\n If you are using version 2.9.5 or earlier of Modularity<\/a> or any of its child themes (High Def<\/a>, F8<\/a>, Modfolio<\/a>, Modslider<\/a>, Workspace<\/a>, On Assignment<\/a>, Workaholic Pro<\/a> et al) you have three options:<\/p>\n If you are using version 1.1.1 or earlier of\u00a0Photo Workshop<\/a>\u00a0you have three options:<\/p>\n If you are using version 1.5.1 or earlier of Widescreen<\/a>\u00a0you have three options:<\/p>\n We have updated all of these themes to remedy the issue and we strongly suggest that you update your installations as soon as possible with one of the three fixes above.<\/p>\n","protected":false},"excerpt":{"rendered":" This just in from VaultPress:<\/p>\n Yesterday we learned of a vulnerability in a popular image resizing library called TimThumb, which is used in many WordPress themes and plugins, including a few of our older themes. The vulnerability was first reported by Mark Maunder in a post on his blog, and has been confirmed by the author of TimThumb. The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.<\/p>\n","protected":false},"author":4765,"featured_media":2691,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[210,3],"tags":[],"acf":[],"yoast_head":"\nAffected Themes<\/h3>\n
The Fix<\/h3>\n
\n
\n
\n