[Plugin: Timthumb Vulnerability Scanner] 2.8 version reported as vulnerable

Viewing 1 replies (of 1 total)
  • Plugin Author Peter Butler

    (@peterebutler)

    This is sort of a loaded subject. The main vulnerability, which caused all of the issues, is fixed as of version 2 – so version 2.8 is much safer than anything under version 2. However, there was some concern around the way even 2.8 sanitized some input, and it wasn’t as secure as it COULD be. That was fixed as of version 2.8.2.

    So: is version 2.8 vulnerable? Not in the way pre-2.0 versions were – however, to be absolutely safe, it’s a good idea to be running 2.8.2 or above.

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Timthumb Vulnerability Scanner] 2.8 version reported as vulnerable’ is closed to new replies.