Industry News

04 Aug 2011

WordPress users cautioned about security flaw

TimThumb, a utility used to resize images on the blog hosting website WordPress, contains a vulnerability hackers could exploit to compromise users' computers.

Mark Maunder, CEO of technology company Feedjit, discovered the issue after a pop-up ad appeared when he loaded his WordPress blog. He investigated and found that, while processing images, TimThumb writes the files into a directory that anyone visiting a user's blog page can access. An attacker can therefore place a malicious PHP file in that directory and execute it through a web browser.

Maunder advised WordPress users to delete the timthumb.php file on their computers. On his blog, he also outlined steps for guarding against intrusions for users who still want to use the utility.
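As an added defender-side example (not from the article, from Maunder's blog, or from the TimThumb project), the following Python script walks a WordPress install and flags the two things the article calls out: copies of timthumb.php, which the advice above says to delete, and files in a cache directory whose contents begin with PHP code rather than image data. The cache directory name `cache` and the sample install tree are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Assumed name of TimThumb's cache directory (the article does not name it).
CACHE_DIR_NAMES = {"cache"}
PHP_MARKERS = (b"<?php", b"<?=")  # short open tags ("<?") are not covered

def looks_like_php(path, nbytes=4096):
    """Return True if the first bytes of the file contain a PHP open tag."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(nbytes)
    except OSError:
        return False
    return any(marker in head for marker in PHP_MARKERS)

def audit_wordpress_tree(root):
    """Walk a WordPress install and report two things the article calls out:
    copies of timthumb.php (which the advice says to delete) and files in a
    cache directory that contain PHP code, whatever their extension."""
    findings = {"timthumb_copies": [], "php_in_cache": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        in_cache = os.path.basename(dirpath).lower() in CACHE_DIR_NAMES
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower() == "timthumb.php":
                findings["timthumb_copies"].append(path)
            elif in_cache and looks_like_php(path):
                findings["php_in_cache"].append(path)
    return findings

def build_sample_tree():
    """Constructed sample install for the demonstration; not a real site."""
    root = tempfile.mkdtemp(prefix="wp_audit_")
    theme = os.path.join(root, "wp-content", "themes", "demo")
    cache = os.path.join(theme, "cache")
    os.makedirs(cache)
    with open(os.path.join(theme, "timthumb.php"), "w") as fh:
        fh.write("<?php // image resizer\n")
    with open(os.path.join(cache, "thumb.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0JFIF")        # genuine JPEG header
    with open(os.path.join(cache, "logo.jpg"), "wb") as fh:
        fh.write(b"<?php echo 'not an image';")  # PHP code behind a .jpg name
    return root

if __name__ == "__main__":
    for kind, paths in audit_wordpress_tree(build_sample_tree()).items():
        print(kind, paths)
```

Point `audit_wordpress_tree` at a real document root to check a live install; the sample tree only exists to show what a hit looks like.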

The developer who created TimThumb, Ben Gillbanks, posted a comment to Maunder's blog apologizing for the coding error and promising improvements in the newest version.

In March 2011, WordPress was hit by a Distributed Denial of Service attack that slowed down the site and left users unable to access accounts.