Partial list of WordPress themes scanned by bots for timthumb vulnerability


This is a partial list of WordPress theme and plugin URLS that bots are scanning for timthumb exploits. If you use any of these, make sure you have upgraded the theme, or at the very least upgraded the timthumb script within. Or said another way, these themes used timthumb at some point and the bots scan for it hoping it is exploitable.

We are in no way saying these products are insecure, just be sure to update.

If you are pagely customer, we scan our file system daily to apply patches for you and you are further protected by firewall rules to defend against this.

image credit

/themes/bueno/thumb.php
/themes/modularity/includes/timthumb.php
/themes/themorningafter/thumb.php
/themes/SimplePress/timthumb.php
/themes/premiumnews/thumb.php
/themes/delicate/thumb.php
/themes/DelicateNews/timthumb.php
/themes/Nova/timthumb.php
/themes/OptimizePress/timthumb.php
/themes/Chameleon/timthumb.php
/themes/Delicate/thumb.php
/themes/typebased/thumb.php
/themes/Magnificent/timthumb.php
/themes/dailyedition/thumb.php
/themes/skeptical/thumb.php
/themes/spectrum/thumb.php
/themes/profitstheme/thumb.php
/themes/photoria/scripts/timthumb.php
/themes/Minimal/timthumb.php
/themes/Reporter/timthumb.php
/themes/Memoir/timthumb.php
/themes/optimize/thumb.php
/themes/TheSource/timthumb.php
/themes/Basic/timthumb.php
/themes/PersonalPress/timthumb.php
/themes/deliciousmagazine/thumb.php
/themes/PureType/timthumb.php
/themes/DeepBlue/timthumb.php
/themes/ePhoto/timthumb.php
/themes/duotive-three/includes/timthumb.php
/themes/eNews/timthumb.php
/themes/dandelion_v2.6.3/functions/timthumb.php
/themes/myjourney/thumb.php
/themes/eBusiness/timthumb.php
/themes/Transcript/timthumb.php
/themes/InterPhase/timthumb.php
/themes/tribune/scripts/timthumb.php
/themes/thestation/thumb.php
/themes/GrungeMag/timthumb.php
/themes/vulcan/timthumb.php
/themes/delight/scripts/timthumb.php
/themes/dandelion_v2.6.4/functions/timthumb.php
/themes/simplicity/thumb.php
/themes/MyProduct/timthumb.php
/themes/backstage/thumb.php
/themes/biznizz/thumb.php
/themes/multidesign/scripts/timthumb.php
/themes/retreat/thumb.php
/themes/myjourney_3.1/thumb.php
/themes/Bold/timthumb.php
/themes/pearlie_14%20dec/scripts/timthumb.php
/themes/LightBright/timthumb.php
/themes/muse/scripts/timthumb.php
/themes/bt/includes/timthumb.php
/themes/eStore/timthumb.php
/themes/redlight/includes/timthumb.php
/themes/wp-clear-prem/scripts/timthumb.php
/themes/insignio/images/timthumb.php
/themes/DeepFocus/timthumb.php
/themes/dualshockers2/thumb.php
/themes/editorial/thumb.php
/themes/purevision/scripts/timthumb.php
/themes/mini-lab/functions/timthumb.php
/themes/Event/timthumb.php
/themes/postcard/thumb.php
/themes/snapshot/thumb.php
/themes/ElegantEstate/timthumb.php
/themes/CFWProfessional/timthumb.php
/themes/broadcast/thumb.php
/themes/coffeedesk/includes/timthumb.php
/themes/cruz/scripts/timthumb.php
/themes/NewsPro/timthumb.php
/themes/modularity2/includes/timthumb.php
/themes/gallant/thumb.php
/plugins/1-flash-gallery/upload.php
/plugins/front-end-upload/upload.php
/plugins/mac-dock-gallery/upload-file.php
/plugins/mm-forms-community/includes/doajaxfileupload.php
/plugins/wp-property/third-party/uploadify/uploadify.php



Pagely® is the original Managed WordPress Hosting company. Since 2009 we have helped thousands of personal bloggers, small business, and enterprise clients secure and accelerate their WordPress powered sites. Let us help you.

The #1 rated WordPress Host - WPMU.org

Give Us a Try Today


6 thoughts on “Partial list of WordPress themes scanned by bots for timthumb vulnerability

  1. Pingback: Can I Haz More TimThumb? - WP Daily

  2. Pingback: Can I Haz More TimThumb?

  3. What you’re doing is a very valuable service that most hosting company’s Overlook and never even think to patch. It is a huge problem with WordPress and the fact that you are Actively working to prevent this and other exploits gives me unbelievable confidence in you thank you showing us that you’ve done to destroy timthumb best you can as it is a Plague on the WordPress community

    Leave a Response

  4. Pingback: Ghost-Blogging, Plugin-Einblicke, Geburtstag und mehr WordPress-News » News » WordPress, News,Blog, Plugin, Sicherheit, Ghost


Comments are closed.