Timthumb Vulnerability Scanner – Plugin

It scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them to a safe version.

The recent Timthumb.php vulnerability has left scores of unsuspecting bloggers hacked.
The Timthumb Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers trying to exploit this vulnerability.

This plugin now checks for the latest available version of timthumb each time you visit the scanner page. It has a feature to download and install the latest version.

  1. Upload the timthumb-vulnerability-scanner to the `/wp-content/plugins/` directory (alternatively, you could use the backend WordPress plugin installer, or install directly from the repository)
  2. Activate the plugin through the 'Plugins' menu in WordPress
  3. Visit the "Timthumb Scanner" page under the "Tools" Menu

The scanner checks for all instances of timthumb. It doesn't just check the filename – it looks for code inside the file, ensuring that a copy will be detected regardless of what a theme or plugin developer has named the file.
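The content-based detection described above can be sketched as follows; this is an added example, not the plugin's own code. The two content markers, the `min_safe` threshold of 2.0 and the sample tree are assumptions constructed for illustration; take the real safe version from the TimThumb project.

```python
import os
import re
import tempfile

# Assumed markers (not the plugin's own): script name plus define('VERSION', ...).
NAME_RE = re.compile(rb"timthumb", re.IGNORECASE)
VERSION_RE = re.compile(rb"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9.]+)['\"]")

def parse_version(text):
    """'2.8.10' -> (2, 8, 10), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split(".") if part)

def scan(root, min_safe):
    """Return sorted (path, version, outdated) for PHP files matching by content."""
    threshold = parse_version(min_safe)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as handle:
                    body = handle.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            match = VERSION_RE.search(body)
            if match and NAME_RE.search(body):
                version = match.group(1).decode()
                findings.append((path, version, parse_version(version) < threshold))
    return sorted(findings)

def demo():
    """Scan a constructed wp-content tree; the versions and 2.0 are placeholders."""
    samples = {
        "themes/a/thumb.php": "<?php // TimThumb\ndefine ('VERSION', '1.19');",
        "themes/b/timthumb.php": "<?php // TimThumb\ndefine('VERSION', '2.8.10');",
        "plugins/c/timthumb.php": "<?php echo 'unrelated file';",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as handle:
                handle.write(body)
        return [(os.path.relpath(p, root).replace(os.sep, "/"), v, outdated)
                for p, v, outdated in scan(root, min_safe="2.0")]

if __name__ == "__main__":
    print(demo())
```

The renamed `thumb.php` is reported because of what it contains, while the unrelated file that happens to be called `timthumb.php` is not.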