Woo Themes or Any Theme with timthumb Read This Security Alert!

by sbucciarel Banned
This was brought up before with a kind of fix but it looks like an easier and more permanent fix has been worked on. Woo has made it very easy to fix the thumb.php (timthumb.php) security flaw, just by updating the Framework.

Woo just sent me this:

This morning we were made aware of a security flaw within the Timthumb image resizing script, which is utilized in our themes for dynamic image resizing. It is also widely used in other WordPress themes and plugins.

As a result of this security flaw, the author of TimThumb and the author of WordThumb have worked together to release TimThumb v2 which fixes these security issues.

We'd highly recommend that you update your WooFramework as described below.

How to update your theme



Update TimThumb with WooFramework v4.4.1

You need to update to the latest version of the WooFramework (v4.4.1), as we have now moved thumb.php into the framework so it is easier to keep updated. There is also a new function in the framework which will remove your old TimThumb from the theme.

To update your Framework, simply go to your theme menu and select "Update Framework" (see our tutorial on the topic).

If you use another brand's theme that uses timthumb.php, code.google.com issued a revised, secure version of timthumb.php. I've attached the revised timthumb.php below.


Just be aware that Woo and maybe some other themes call it thumb.php instead of timthumb.php. In that case, just rename the new file to thumb.php and upload it to your theme folder. In Woo themes, this is in the main folder of your theme folder.
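
To check which themes on a site still carry an old copy under either file name, the following is an added example and not part of the original post or of Woo's or TimThumb's code. It assumes the script declares its version as `define ('VERSION', 'x.y')`, flags anything below v2 or with no readable version for manual review, and builds its sample theme tree from constructed data.

```python
import re
import tempfile
from pathlib import Path

# File names the post mentions: timthumb.php, or thumb.php in Woo themes.
SCRIPT_NAMES = {"timthumb.php", "thumb.php"}

# Assumption: the script declares its version as define ('VERSION', 'x.y').
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9][0-9.]*)['\"]")


def audit_timthumb(root):
    """Return sorted (relative_path, version_or_None, needs_update) tuples."""
    root = Path(root)
    findings = []
    for path in root.rglob("*.php"):
        if path.name.lower() not in SCRIPT_NAMES or not path.is_file():
            continue
        match = VERSION_RE.search(path.read_text(errors="replace"))
        version = match.group(1) if match else None
        # No readable version, or a major version below 2: needs attention.
        needs_update = version is None or int(version.split(".")[0]) < 2
        findings.append((path.relative_to(root).as_posix(), version, needs_update))
    return sorted(findings)


def demo():
    """Audit a constructed theme tree (sample data, not real themes)."""
    with tempfile.TemporaryDirectory() as tmp:
        themes = Path(tmp) / "wp-content" / "themes"
        samples = {
            "woo-sample/thumb.php": "<?php define ('VERSION', '1.19');",
            "other-sample/scripts/timthumb.php": "<?php define ('VERSION', '2.0');",
            "other-sample/functions.php": "<?php // unrelated file",
            "third-sample/timthumb.php": "<?php // version header stripped",
        }
        for rel, body in samples.items():
            target = themes / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit_timthumb(themes)


if __name__ == "__main__":
    for rel, version, needs_update in demo():
        status = "UPDATE" if needs_update else "ok"
        print(f"{status:6}  {version or 'unknown':8}  {rel}")
```

On a real site, call `audit_timthumb()` with the path to `wp-content` so that copies bundled in plugins are found as well.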