Over on the post “Zero day bug threatens many WordPress sites • The Register” contains this text:
Zero day bug threatens many WordPress sites
TimThumb developer pwned by own creation By Dan Goodin in San Francisco • Get more from this author
Posted in Security, 2nd August 2011 18:44 GMT Free whitepaper – The Different Types of UPS Systems Attackers are exploiting a widely used extension for the WordPress publishing platform to take control of vulnerable websites, one of the victims has warned.
The vulnerability affects virtually all websites that have an image-resizing utility called TimThumb running with WordPress, Mark Maunder, CEO of Seattle-based Feedjit, wrote in a post published Monday. The extension is “inherently insecure” because it makes it easy for hackers to execute malicious code on websites that use it. At least two websites have already been compromised, he reporte”
