A new exploit that affects WordThumb (the img.php script that we use in our themes) was disclosed today.
First, we want to put emphasis on the fact that the alleged vulnerability is not true for Themify themes, since there are a number of factors that would have to be set plus a few modules enabled in your server for the exploit to become a viable one. Basically, you were never in danger.
To be cautious, we have taken immediate actions to remove all the code that, under the most pessimistic assumption, could lead to an exploit and have released an update. All Themify users are recommended to upgrade the themes.
You can read the changelog here, which includes some technical details.
Indu Jain
July 20, 2014 @ 6:20 pm
It’s a good effort that you fixed up a Vulnerability as soon as you found it. This is one of the good practices you follow.
Sam Ngoc Linh
August 19, 2014 @ 4:46 am
It’s good for me, tks for sharing. This is one of the good practices you follow.